IOC Radar
SHA256 · Medium · Signal 87/100

dce2e5cc00eff2493f8ced546dc51f9d5ef78c5ee56805906ec642dfa77a1c70

Location
United Kingdom
First Seen
May 8, 2026
Last Seen
Jun 17, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
MITRE ATT&CK TTPs

21 techniques

Feed Intelligence Summary

Category tags
abuseabusech-threatfox-c2caffiliate-programalienvault_ransomwarebad reputationc2ciscocommand & controlcrimecryptocurrencycsirt-americas malwareda6ah3data-leakeuropeexeexecutable filefilefile-hashgentlemen linuxgoceqc6skhktlindicatorinfostealerlinuxloadermacosmalwarentlm-relayobfuspayloadraasransomransomwareransomware-as-a-serviceresearchedrnuarbvf urlscriptstealersuspsystembct1003t1018t1021t1027t1048t1049t1059_001t1068t1070t1078t1083t1133t1190t1210t1219t1486t1489t1490t1550t1560t1562t1566the gentlementox-idsunited kingdomz5brjsogj789

Activity Timeline

1 total obs
Jun 17

Threat Activity Heatmap

Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 87 (High Risk)

VirusTotal

Not checked

description
The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates.
references
https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/, https://ltna.com.au/cyber
