← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Thus Spoke…The Gentlemen
WHITE The Gentlemen AlienVault 2026-05-13 Modified: 2026-05-14
119
IOCs
HIGH VOLUME
On May 4th, 2026, The Gentlemen RaaS administrator acknowledged that an internal backend database called Rocket had been leaked, exposing nine accounts including zeta88, the program's effective administrator. The leak revealed internal discussions detailing initial access methods through Fortinet and Cisco edge appliances, NTLM relay, and credential logs, along with the group's role divisions and toolsets. Evidence shows evaluation of CVEs including CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. Leaked ransom negotiations showed a successful payment of 190,000 USD. The group reused stolen data from a UK software consultancy to attack a Turkish company, employing dual-pressure tactics during negotiations. Analysis of ransomware samples identified eight distinct affiliate TOX IDs, indicating the administrator actively participates in infections alongside managing the RaaS program.
cve-2025-32433raassystembcciscocryptocurrencycve-2024-55591fortinetdata-leakntlm-relaythe gentlemenaffiliate-programransomware-as-a-servicetox-idscve-2025-33073
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
The Gentlemen SystemBC
Indicators of Compromise (56 / 119 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 03860d116701cdc9d9bf9c45099bb3d3 2026-05-13
FileHash-MD5 05e9d6d239ea29f0427b02a9bc903be7 2026-05-13
FileHash-MD5 0a454a07e071971832985701bc6e9164 2026-05-13
FileHash-MD5 0b33a1a23b044beb5c9a63aafd35595c 2026-05-13
FileHash-MD5 0f9cd505df07e4ebfff3fe61b689e527 2026-05-13
FileHash-MD5 11e7baca7e652995b2364fdab0d362b7 2026-05-13
FileHash-MD5 1cc9ae55b1856e4e9796c73f94c2e683 2026-05-13
FileHash-MD5 1e0f4cd09aa4464179933769b5009251 2026-05-13
FileHash-MD5 2cd4eb358c45ca783a20ec854a5a860c 2026-05-13
FileHash-MD5 2e5d1a352885a6efd84dbc0387cbc79e 2026-05-13
FileHash-MD5 30b49ae2f685d4403d3013410f80c2e2 2026-05-13
FileHash-MD5 3b46a729db7ae6af8b19711c9452194d 2026-05-13
FileHash-MD5 3b7b4f2d33bdfb8a31b480d0eb2815cd 2026-05-13
FileHash-MD5 4200b46a93c6ab059e2b34ce200c4a5b 2026-05-13
FileHash-MD5 4609cbac6772a6c61fcf2745cd3b4362 2026-05-13
FileHash-MD5 4a94d2b730a5a63e6cd54a9b0bb4ea71 2026-05-13
FileHash-MD5 4e0c37cbf4dde9683943c8a738e5b00a 2026-05-13
FileHash-MD5 51dec3e170f8a181cc9aea8dcc90c7ab 2026-05-13
FileHash-MD5 583fe1c1a39f6b873a5c0997bea1f657 2026-05-13
FileHash-MD5 5f5bf7fc7a9ac89ce0bbb07bd1160078 2026-05-13
FileHash-MD5 697f182826495662427ca49edbb345fc 2026-05-13
FileHash-MD5 6ae7c9a7ea0b8c40a64225734f6bd01d 2026-05-13
FileHash-MD5 6f1ece39f46345ff8f0327a93af2312b 2026-05-13
FileHash-MD5 71d503709af88821c183a1d0b7ae06ec 2026-05-13
FileHash-MD5 721606b3659f2c2d80a196ed3cd60053 2026-05-13
FileHash-MD5 735069890a414869f0113de820ba9afb 2026-05-13
FileHash-MD5 74ea100b581ec32ea6c2ac2a0030a9f6 2026-05-13
FileHash-MD5 776e86c13433747299a4e5f9f22e3415 2026-05-13
FileHash-MD5 7a262d4cbbc4808932b6af42c4041f06 2026-05-13
FileHash-MD5 7a89b347beb55f63dbcbcfc0beedbe43 2026-05-13
FileHash-MD5 7aae8fd9187c88dd0292cce1abd050e2 2026-05-13
FileHash-MD5 7b885b446bbd9b450146c88f84c64f30 2026-05-13
FileHash-MD5 7f11809925adc6657e84165fdf780816 2026-05-13
FileHash-MD5 81a578e065da1ccd8c81a8e90c309275 2026-05-13
FileHash-MD5 82160a7da5fc4c935e6f48d38a5aaaa6 2026-05-13
FileHash-MD5 893f735e9a8cc9814dc6eccd5579561c 2026-05-13
FileHash-MD5 8ee42d16a9381d726591ddc551863931 2026-05-13
FileHash-MD5 8fceea4fd9ce32dd620ccd580297c7c5 2026-05-13
FileHash-MD5 92d8bd2a6ee7f6d5c84e037066ce0539 2026-05-13
FileHash-MD5 a023a6b15419600dc3f6b93e11761dfe 2026-05-13
FileHash-MD5 a2a13b8da7370f5f4753d81c7958dfcb 2026-05-13
FileHash-MD5 a73526d89e5fb7b57f50d8da340e53e9 2026-05-13
FileHash-MD5 abd11823ddcc3d746ad8621e677a93eb 2026-05-13
FileHash-MD5 adf675ffc1acb357f2d9f1a94e016f52 2026-05-13
FileHash-MD5 b1254b99d30873de20ea99fbca371ac3 2026-05-13
FileHash-MD5 b5b42ac289581b3387ebf120129a19a6 2026-05-13
FileHash-MD5 b68e019efb39b85f5a0326e22fd4498a 2026-05-13
FileHash-MD5 b8683f466e936e45a5ca715c2845563c 2026-05-13
FileHash-MD5 bc6b87c79bc71a78da623d031ec1a958 2026-05-13
FileHash-MD5 c9d004384de06bbc53724b1431dc0fde 2026-05-13
FileHash-MD5 d75246d230f22b1da6bbf5fceeed2ef2 2026-05-13
FileHash-MD5 da9cff1b478b64d47b68d50330e96c60 2026-05-13
FileHash-MD5 de1a114a2c5552387a1bbb61501bf129 2026-05-13
FileHash-MD5 ead0d7a8ae0a6ffb7f0a5873fec4ff5e 2026-05-13
FileHash-MD5 ed18c524e930cd1c34614f7cc3051dfc 2026-05-13
FileHash-MD5 ffb6011e7c82355046988166dd896930 2026-05-13
References (1)
↗ https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/