IOC Radar
MD5 · Medium · Signal 98/100

adf675ffc1acb357f2d9f1a94e016f52

Location: Peru
First Seen: Sep 17, 2025 (291d ago)
Last Seen: Jun 17, 2026 (17d ago)
Reports: 13 source reports
Confidence: 98% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category: Artifacts Dropped
Hash Algorithm: MD5
Confidence: 98%
Signal Score: 98 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 61 techniques

Feed Intelligence Summary
Source reports: 13
Confidence score: 98%
Category tags

Activity Timeline
1 total observation (Jun 17)

Threat Activity Heatmap (weekly grid, Mon/Wed/Fri rows, months Jun through Jun) · Peak: 2026-06-17
Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 98
Confidence: 98%
Reports: 13
First seen: Sep 17, 2025
Last seen: Jun 17, 2026

VirusTotal: Not checked

WHOIS
Description: Payload_Delivery indicators. Date: Apr 3, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber
References:
https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/
https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/
https://www.cybereason.com/blog/the-gentlemen-ransomware
https://ltna.com.au/cyber
IOCs.2026.pdf
IOCs.2026.2.csv
https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html
Book2.csv
Nov.Week2.csv
https://asec.ahnlab.com/ko/91514/


IOC Journey
Confidence: medium
First detected 9 months ago · Last seen 17 days ago
Appeared in 13 threat reports