TeamPCP
Also known as ResoluteXBF, Replicating Marauder, UNC6780, Shellforce, PersyPCP, pcpcats, SHADOW-WATER-058, @pcpcats, Mini Shai-Hulud, xploitrsturtle2, PCPCat
Reports
42
First seen
Mar 26
Last seen
Jun 18
Motivation
financial, financial extortion, notoriety, disruption, chaos
Targeting
Sectors
technology ×23, other ×2, financial services ×1
Victim regions
United States ×14, Brazil ×1
Top ATT&CK techniques
T1195 Supply Chain Compromise ×28, T1041 Exfiltration Over C2 Channel ×25, T1555 Credentials from Password Stores ×23, T1005 Data from Local System ×19, T1078 Valid Accounts ×17, T1003 OS Credential Dumping ×10, T1204 User Execution ×9, T1566 Phishing ×9, T1190 Exploit Public-Facing Application ×8, T1547 Boot or Logon Autostart Execution ×7, T1486 Data Encrypted for Impact ×7, T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage ×6
Indicators
cve ×128, domain ×41, filename ×36, ip_v4 ×24, hash_sha1 ×13, url ×5, hash_sha256 ×5, email ×2
Indicator values are available on Pro and via the API.
Associated CVEs
CVE-2025-55182 (exploited), CVE-2026-0300 (exploited), CVE-2026-33017 (exploited), CVE-2026-45585 (exploited), CVE-2024-21626 (exploited), CVE-2024-3400 (exploited), CVE-2024-9643 (exploited), CVE-2025-29635 (exploited), CVE-2025-29927 (exploited), CVE-2025-48703 (exploited), CVE-2025-9501 (exploited), CVE-2026-1357 (exploited), CVE-2026-20127 (exploited), CVE-2026-20182 (exploited), CVE-2026-20223, CVE-2026-22719 (exploited), CVE-2026-28950, CVE-2026-33626 (exploited), CVE-2026-33825, CVE-2026-35616 (exploited)
Recent reports
High