Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:48:05 UTC
Home > List all groups > List all tools > List all groups using tool NCAT
 Tool: NCAT
Names NCAT
Category Tools
Type Backdoor, Downloader, Exfiltration
Description
(Mandiant) NCAT is a command-line networking utility that was written for the nmap Project
to perform a wide-variety of security and administration tasks. While NCAT may be used for
legitimate purposes, threat actors may also use it to upload or download files, create backdoors
or reverse shells, and tunnel traffic to evade network controls.
Information <https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia>
Last change to this tool card: 27 December 2022
Download this tool card in JSON format
All groups using tool NCAT
Changed Name Country Observed
APT groups
  UNC4191 2022  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=987fa6b4-47cb-40ce-9162-bae3c3781e7a
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=987fa6b4-47cb-40ce-9162-bae3c3781e7a
Page 1 of 1