PULSE NAME
PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale | SentinelOne
WHITE CyberHunter_NL 2026-05-11 Modified: 2026-05-11
SentinelLABS has identified PCPJack, a toolset dedicated to stealing data from exposed cloud services and propagating the malware on other systems, as part of an ongoing cyber-attack campaign.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
VECT C2 Docker API
Indicators of Compromise (55)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2025-29927 2026-05-11
CVE CVE-2025-48703 2026-05-11
CVE CVE-2025-55182 2026-05-11
CVE CVE-2025-9501 2026-05-11
CVE CVE-2026-1357 2026-05-11