← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
LBIOC-20260071 - The Gentlemens Leak
WHITE The Gentlemen AlienVault 2026-05-13 Modified: 2026-05-13
70
IOCs
HIGH VOLUME
The Gentlemen is an active ransomware and extortion operation that emerged publicly in the second half of 2025, rapidly escalating into a high-volume threat actor. The group appears to be a continuation or reorganization of prior ransomware affiliate activity, with reported connections to the Qilin ecosystem and the Russian-speaking actor 'hastalamuerte.' This growth likely reflects existing ransomware experience, affiliate relationships, and access to established resources. Underground sources indicate attempts to sell data allegedly connected to The Gentlemen ransomware activity, though the available information lacks sufficient victim-specific or technical details to confirm authenticity. The operation utilizes SystemBC for command and control communications and deploys ransomware variants targeting both Windows and Linux systems.
hastalamuertelinuxsystembcransomwarethe gentlemenaffiliatedata-leakwindowspowerrunkillavqilinextortion
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
The Gentlemen SystemBC KillAV PowerRun
Indicators of Compromise (24 / 70 total)
All IPv4 FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 992c951f4af57ca7cd8396f5ed69c2199fd6fd4ae5e93726da3e198e78bec0a5 2026-05-13
FileHash-SHA256 025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a 2026-05-13
FileHash-SHA256 2ed9494e9b7b68415b4eb151c922c82c0191294d0aa443dd2cb5133e6bfe3d5d 2026-05-13
FileHash-SHA256 3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235 2026-05-13
FileHash-SHA256 48d9b2ce4fcd6854a3164ce395d7140014e0b58b77680623f3e4ca22d3a6e7fd 2026-05-13
FileHash-SHA256 4c82fbafef9bab484a2fbe23e4ec8aac06e8e296d6c9e496f4a589f97fd4ab71 2026-05-13
FileHash-SHA256 5dc607c8990841139768884b1b43e1403496d5a458788a1937be139594f01dca 2026-05-13
FileHash-SHA256 62c2c24937d67fdeb43f2c9690ab10e8bb90713af46945048db9a94a465ffcb8 2026-05-13
FileHash-SHA256 7a311b584497e8133cd85950fec6132904dd5b02388a9feed3f5e057fb891d09 2026-05-13
FileHash-SHA256 860a6177b055a2f5aa61470d17ec3c69da24f1cdf0a782237055cba431158923 2026-05-13
FileHash-SHA256 87d25d0e5880b3b5cd30106853cbfc6ef1ad38966b30d9bd5b99df46098e546c 2026-05-13
FileHash-SHA256 8c87134c1b45e990e9568f0a3899b0076f94be16d3c40fa824ac1e6c6ee892db 2026-05-13
FileHash-SHA256 91415e0b9fe4e7cbe43ec0558a7adf89423de30d22b00b985c2e4b97e75076b1 2026-05-13
FileHash-SHA256 994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3 2026-05-13
FileHash-SHA256 9f61ff4deb8afced8b1ecdc8787a134c63bde632b18293fbfc94a91749e3e454 2026-05-13
FileHash-SHA256 a7a19cab7aab606f833fa8225bc94ec9570a6666660b02cc41a63fe39ea8b0ad 2026-05-13
FileHash-SHA256 b67958afc982cafbe1c3f114b444d7f4c91a88a3e7a86f89ab8795ac2110d1e6 2026-05-13
FileHash-SHA256 c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8 2026-05-13
FileHash-SHA256 c7f7b5a6e7d93221344e6368c7ab4abf93e162f7567e1a7bcb8786cb8a183a73 2026-05-13
FileHash-SHA256 ec368ae0b4369b6ef0da244774995c819c63cffb7fd2132379963b9c1640ccd2 2026-05-13
FileHash-SHA256 efaf8e7422ffd09c7f03f1a5b4e5c2cc32b05334c18d1ccb9673667f8f43108f 2026-05-13
FileHash-SHA256 f736be55193c77af346dbe905e25f6a1dee3ec1aedca8989ad2088e4f6576b12 2026-05-13
FileHash-SHA256 fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958 2026-05-13
FileHash-SHA256 fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68 2026-05-13