ShellCodeX
Tools • Events • News • Insights
Threat Group Profile

pear

● Active — last 30 days
Victim claims 34
First seen Apr 2026
Last activity 30 Jun 2026
Tracked since Aug 2025

Group overview

Pure Extraction And Ransom (PEAR) Team is the community of highly responsible and strictly disciplined members. We are a private team and have nothing common with any other threat actors. We've been monitoring this field for a long-long time. So, we understand all the processes and know well how it all works.

Preferred targets

Business Services · 12 Healthcare · 5 Consumer Services · 3 Manufacturing · 2 Transportation/Logistics · 2 Construction · 2

Most targeted countries

US · 28 CA · 2 SG · 1 FR · 1 NO · 1 JM · 1

Tactics & techniques (MITRE ATT&CK)

Initial Access

Valid Accounts Phishing

Execution

Command and Scripting Interpreter: PowerShell User Execution: Malicious File User Execution: Malicious Copy and Paste

Persistence

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Defense Evasion

Obfuscated Files or Information: Encrypted/Encoded File Process Injection: DLL Injection

Credential Access

Input Capture: Keylogging Credentials from Password Stores: Credentials from Web Browsers

Collection

Data from Local System Data Staged Email Collection Data from Information Repositories Archive Collected Data: Archive via Utility

Exfiltration

Exfiltration Over C2 Channel Exfiltration Over Web Service Exfiltration Over Webhook

Command and Control

Application Layer Protocol: Web Protocols Proxy: Multi-hop Proxy

Victim Claims Timeline

Back to radar
Siegel Lewitter Malkani
🇺🇸 US Business Services sl-employmentlaw.com
Family Psychological Associates
🇺🇸 US Healthcare kcifpa.com
Powell, Powell & Powell, P.A.
🇺🇸 US Business Services powelllawfirm.com
The McLamb Group, Inc
🇺🇸 US Business Services themclambgroup.com