MD5MediumSignal 98/100
adf675ffc1acb357f2d9f1a94e016f52
Location
First Seen
Sep 17, 2025
Last Seen
Jun 17, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
98%
Signal Score
98 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
13 reports98% confidence
13
Source reports
98%
Confidence score
Category tags
abuseabusech-threatfox-c2caffiliate-programalienvault_ransomwareapacapt activityashen lepusautobabukbabykbad reputationbitcoinaddressblock-or-filter-listbotnetbotnet activitybrute forcebyovdc2ciscocobalt strikecommand & controlcommand and controlcommand executioncredential accesscredential stuffingcredential theftcredential-theftcryptocurrencydata encryptiondata exfiltrationdata store exposuredata theftdata-exfiltrationdata-leakdataleakdefense evasiondefense-evasiondetect-debug-environmentdistributed attacksdll hijackingdouble extortiondragonforcedual extortiondual-extortionelectronic health recordsencryptionesxieuropeevasionexeexecutable fileexfiltrationexploitexploitation activityextortionfile-hashfortinetfortiosgentlemen linuxgentlemen ransomwaregpo modificationgroup policyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationidleimpair defensesindicatorinfostealerinhibit system recoveryinjection activityjameswt_wtlateral movementlateral-movementlinuxlocal diskslockbit 5.0luca stealermakop ransomwaremalicious powershell activitymalicious softwaremalwaremalware distributionmedical servicesmedusamobile threatnetwork drivesngate android malwarentlm-relayoperating systempatient carepayloadpeexeperuphatom ravenpowershellprocess injectionpublicpython malwareqilinraasransomwareransomware activityransomware infectionransomware operationsransomware-as-a-serviceremote servicesresearchedscheduled tasksscripting attacksshared secretsneaky malwaresouth americasubkeysystem disruptionsystembct1003t1018t1021t1021.001t1021.002t1027t1041t1047t1048t1049t1053t1053.005t1055t1059t1059.001t1059.003t1059.006t1068t1069.001t1070t1070.001t1070.004t1071t1071.001t1078t1078.002t1082t1083t1086t1098t1105t1110.001t1112t1133t1135t1136.002t1190t1204t1204.002t1210t1218t1219t1222t1484.001t1486t1489t1490t1496t1499.002t1499.003t1543.003t1547t1547.001t1550t1560t1562t1562.001t1565t1566t1569.002t1574the gentlementhhaibethreat actortor nodetox-idsunited kingdomunknown groupunsigned driversvasa lockervulnerability scanwin32 malwarewindowswindows malwarewmixchacha20xloader
Activity Timeline
Jun 17Jun 17
Threat Activity Heatmap
· Peak: 2026-06-17LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
98
SIGNAL
Signal Score
98%
Confidence
13
Reports
First seenSep 17, 2025
Last seenJun 17, 2026
VirusTotal
Not checked
WHOIS
- description
- Payload_Delivery indicators. Date: Apr 3, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber
- references
- https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/, https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/, https://www.cybereason.com/blog/the-gentlemen-ransomware, https://ltna.com.au/cyber, IOCs.2026.pdf, IOCs.2026.2.csv, https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html, Book2.csv, Nov.Week2.csv, https://asec.ahnlab.com/ko/91514/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 9 months ago · Last seen 17 days ago
Appeared in 13 threat reports