Threat Group Profile
pear
β Active β last 30 days
Victim claims
34
First seen
Apr 2026
Last activity
30 Jun 2026
Tracked since
Aug 2025
Group overview
Pure Extraction And Ransom (PEAR) Team is the community of highly responsible and strictly disciplined members. We are a private team and have nothing common with any other threat actors. We've been monitoring this field for a long-long time. So, we understand all the processes and know well how it all works.
Preferred targets
Business Services Β· 12
Healthcare Β· 5
Consumer Services Β· 3
Manufacturing Β· 2
Transportation/Logistics Β· 2
Construction Β· 2
Most targeted countries
US Β· 28
CA Β· 2
SG Β· 1
FR Β· 1
NO Β· 1
JM Β· 1
Tactics & techniques (MITRE ATT&CK)
Initial Access
Valid Accounts
Phishing
Execution
Command and Scripting Interpreter: PowerShell
User Execution: Malicious File
User Execution: Malicious Copy and Paste
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Defense Evasion
Obfuscated Files or Information: Encrypted/Encoded File
Process Injection: DLL Injection
Credential Access
Input Capture: Keylogging
Credentials from Password Stores: Credentials from Web Browsers
Collection
Data from Local System
Data Staged
Email Collection
Data from Information Repositories
Archive Collected Data: Archive via Utility
Exfiltration
Exfiltration Over C2 Channel
Exfiltration Over Web Service
Exfiltration Over Webhook
Command and Control
Application Layer Protocol: Web Protocols
Proxy: Multi-hop Proxy