SHA1 · Medium · Signal 99/100
42bcc743c71a9ea083c1c750a398110582796762
First Seen: Nov 20, 2025
Last Seen: Jun 17, 2026
Found in 11 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 99%
Signal Score: 99 / 100
IDS Rule: No
Activity Timeline: Jun 17
Threat Activity Heatmap (peak: 2026-06-17)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 99 (High Risk)
VirusTotal: Not checked
References
- https://darkatlas.io/blog/how-a-go-binary-locks-down-enterprise-networks-in-minutes-the-story-behind-gentlemen-ransomware
- https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/
- https://research.checkpoint.com/2026/dfir-report-the-gentlemen/
- https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/
- https://www.cybereason.com/blog/the-gentlemen-ransomware
- IOCs.csv
- IOCs.2026.csv
- IOCs.April.pdf
- https://ltna.com.au/cyber
- IOCs.2026.pdf
- Nov.Week2.csv