TeamPcp
APT Group
1 zero-day CVE
Also Known As 6 names
ShellForce
Persy_PCP
CipherForce
PCPcat
DeadCatx3
team pcp
Target Countries 2
Germany
United States
Details
Last Updated: 24 Mar 2026
MITRE ATT&CK 77
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1016 - System Network Configuration Discovery
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.003 - Steganography
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1053.003 - Cron
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1059 - Command and Scripting Interpreter
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.006 - Python
T1059.007 - JavaScript
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1072 - Software Deployment Tools
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1102 - Web Service
T1102.001 - Dead Drop Resolver
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1119 - Automated Collection
T1132.001 - Standard Encoding
T1132.002 - Non-Standard Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1195.002 - Compromise Software Supply Chain
T1204.002 - Malicious File
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1496 - Resource Hijacking
T1498 - Network Denial of Service
T1525 - Implant Internal Image
T1530 - Data from Cloud Storage Object
T1542.003 - Bootkit
T1543 - Create or Modify System Process
T1543.002 - Systemd Service
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1548.003 - Sudo and Sudo Caching
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1552.004 - Private Keys
T1552.005 - Cloud Instance Metadata API
T1553.006 - Code Signing Policy Modification
T1555 - Credentials from Password Stores
T1560 - Archive Collected Data
T1562.001 - Disable or Modify Tools
T1567 - Exfiltration Over Web Service
T1567.001 - Exfiltration to Code Repository
T1569.002 - Service Execution
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1574.006 - Dynamic Linker Hijacking
T1588.001 - Malware
T1588.006 - Vulnerabilities
T1609 - Container Administration Command
T1610 - Deploy Container
T1611 - Escape to Host
TA0009 - Collection
TA0010 - Exfiltration