SHA256 · Medium · Signal 87/100
1af419b36a5edefef387409e2b3248c9223f7dc49a4f7b15ea095d371c3a70b2
Location
First Seen
Apr 20, 2026
Last Seen
May 29, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
6 reports · 87% confidence
Source reports: 6
Confidence score: 87%
Category tags
abuseabusech-threatfox-c2caffiliate-programalienvault_ransomwarebad reputationc2ciscocommand & controlcrimecryptocurrencycsirt-americas malwareda6ah3data-leakeuropeexeexecutable filefilefile-hashgentlemen linuxgoceqc6skindicatorinfostealerloadermalwarentlm-relaypayloadraasransomransomwareransomware-as-a-serviceresearchedrnuarbvf urlscriptstealersuspsystembct1003t1018t1021t1048t1049t1059_001t1068t1070t1078t1083t1133t1190t1210t1219t1486t1489t1490t1550t1560t1562t1566the gentlementox-idsunited kingdomz5brjsogj789
Activity Timeline
May 29
Threat Activity Heatmap
Peak: 2026-05-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 87
Confidence: 87%
Reports: 6
First seen: Apr 20, 2026
Last seen: May 29, 2026
VirusTotal
Not checked
WHOIS
- description
- The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates.
IOC Journey
Medium · First detected 2 months ago · Last seen 1 month ago
Appeared in 6 threat reports