IOC Radar
SHA1 · Medium · Signal 99/100

42bcc743c71a9ea083c1c750a398110582796762

Location: Germany
First Seen: Nov 20, 2025 (222d ago)
Last Seen: Jun 17, 2026 (12d ago)
Reports: 11 source reports
Confidence: 99% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: SHA1
Confidence: 99%
Signal Score: 99 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 85 techniques

Feed Intelligence Summary

11 source reports · 99% confidence score
Category tags
abuse, abuse_ch_hash, affiliate-program, alienvault_ransomware, anydesk, apt activity, babuk, babyk, bad reputation, botnet, botnet activity, brazil, breachforums partnership, brute force, cisco, cobalt strike, cobalt-strike, cobaltstrike, command and control, credential stuffing, credential theft, credential-theft, cryptocurrency, data encryption, data exfiltration, data store exposure, data-exfiltration, data-leak, dataleak, defense evasion, defense-evasion, distributed attacks, domain-compromise, double extortion, dragonforce, dual-extortion, encoder, encryption, esxi, esxi-encryption, europe, exe, executable file, exploit, exploitation activity, extortion, file-hash, finance and insurance, fortios, gentlemen linux, germany, go binary, group-policy-deployment, identity & access exploitation, indicator, injection activity, killav, kodadr, larva-368, lateral movement, lateral-movement, linux, lockbit 5.0, malicious software, malware, malware distribution, medusa, mobile threat, ngate android malware, north america, ntlm-relay, operating system, phatom raven, process injection, psexec, qilin, raas, ransomware, ransomware operations, ransomware-as-a-service, researched, sneaky malware, south america, storm-2697, system disruption, systembc, systembc c, t1003, t1016, t1018, t1021, t1021.001, t1021.002, t1021.006, t1027, t1033, t1036.004, t1036.005, t1037.004, t1041, t1047, t1048, t1049, t1053, t1053.003, t1053.005, t1055, t1057, t1059, t1059.001, t1059.003, t1059.006, t1060, t1068, t1069.001, t1069.002, t1070, t1070.001, t1070.003, t1070.004, t1070.006, t1071, t1071.001, t1078, t1082, t1083, t1087.002, t1090, t1090.003, t1098, t1105, t1106, t1110.001, t1112, t1133, t1135, t1136.002, t1140, t1190, t1204, t1204.002, t1210, t1219, t1482, t1484.001, t1486, t1489, t1490, t1491.001, t1496, t1497, t1499.002, t1499.003, t1518.001, t1529, t1543.003, t1547.001, t1547.009, t1550, t1555, t1560, t1562, t1562.001, t1562.004, t1562.007, t1565, t1566, t1569, t1569.002, t1570, t1573, t1573.002, the gentlemen, threat actor, tor node, tox-ids, united kingdom, united states, vasa locker, windows, xchacha20 encryption, xloader, yara

Activity Timeline

1 total obs, Jun 17 to Jun 17

Threat Activity Heatmap

Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 99
Confidence: 99%
Reports: 11
First seen: Nov 20, 2025
Last seen: Jun 17, 2026

VirusTotal

Not checked

References

https://darkatlas.io/blog/how-a-go-binary-locks-down-enterprise-networks-in-minutes-the-story-behind-gentlemen-ransomware
https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/
https://research.checkpoint.com/2026/dfir-report-the-gentlemen/
https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/
https://www.cybereason.com/blog/the-gentlemen-ransomware
IOCs.csv
IOCs.2026.csv
IOCs.April.pdf
https://ltna.com.au/cyber
IOCs.2026.pdf
Nov.Week2.csv

IOC Journey

medium
First detected 7 months ago · Last seen 12 days ago
Appeared in 11 threat reports