← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Thus Spoke…The Gentlemen
WHITE The Gentlemen AlienVault 2026-05-13 Modified: 2026-05-14
119
IOCs
HIGH VOLUME
On May 4th, 2026, The Gentlemen RaaS administrator acknowledged that an internal backend database called Rocket had been leaked, exposing nine accounts including zeta88, the program's effective administrator. The leak revealed internal discussions detailing initial access methods through Fortinet and Cisco edge appliances, NTLM relay, and credential logs, along with the group's role divisions and toolsets. Evidence shows evaluation of CVEs including CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. Leaked ransom negotiations showed a successful payment of 190,000 USD. The group reused stolen data from a UK software consultancy to attack a Turkish company, employing dual-pressure tactics during negotiations. Analysis of ransomware samples identified eight distinct affiliate TOX IDs, indicating the administrator actively participates in infections alongside managing the RaaS program.
cve-2025-32433raassystembcciscocryptocurrencycve-2024-55591fortinetdata-leakntlm-relaythe gentlemenaffiliate-programransomware-as-a-servicetox-idscve-2025-33073
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
The Gentlemen SystemBC
Indicators of Compromise (33 / 119 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a 2026-05-13
FileHash-SHA256 1334f0189a8e6dbc48456fa4b482c5726ab7609f7fa652fcc4c1a96f2334436f 2026-05-13
FileHash-SHA256 1af419b36a5edefef387409e2b3248c9223f7dc49a4f7b15ea095d371c3a70b2 2026-05-13
FileHash-SHA256 1eece1e1ba4b96e6c784729f0608ad2939cfb67bc4236dfababbe1d09268960c 2026-05-13
FileHash-SHA256 22b38dad7da097ea03aa28d0614164cd25fafeb1383dbc15047e34c8050f6f67 2026-05-13
FileHash-SHA256 24ac3588fb8cfbff63b7fdfcbc7dec1f3c60e54e6f949dd69d68e89e0c89d966 2026-05-13
FileHash-SHA256 2ed9494e9b7b68415b4eb151c922c82c0191294d0aa443dd2cb5133e6bfe3d5d 2026-05-13
FileHash-SHA256 3ab9575225e00a83a4ac2b534da5a710bdcf6eb72884944c437b5fbe5c5c9235 2026-05-13
FileHash-SHA256 3c2182cb0bc7528829ef03f1b1745a92bcc47d917eb8870862488f21fdf1a6d6 2026-05-13
FileHash-SHA256 48d9b2ce4fcd6854a3164ce395d7140014e0b58b77680623f3e4ca22d3a6e7fd 2026-05-13
FileHash-SHA256 4a175eed927c0a477eafb8aa35a93c191748acaa78ac7aecd8ea3c4cd868887c 2026-05-13
FileHash-SHA256 51b9f246d6da85631131fcd1fabf0a67937d4bdde33625a44f7ee6a3a7baebd2 2026-05-13
FileHash-SHA256 5dc607c8990841139768884b1b43e1403496d5a458788a1937be139594f01dca 2026-05-13
FileHash-SHA256 62c2c24937d67fdeb43f2c9690ab10e8bb90713af46945048db9a94a465ffcb8 2026-05-13
FileHash-SHA256 6a3ab9e984a759d55af4e84487d1fc44683065cc9a1089d5aa4ad1c0e4e84a63 2026-05-13
FileHash-SHA256 788ba200f776a188c248d6c2029f00b5d34be45d4444f7cb89ffe838c39b8b19 2026-05-13
FileHash-SHA256 860a6177b055a2f5aa61470d17ec3c69da24f1cdf0a782237055cba431158923 2026-05-13
FileHash-SHA256 87d25d0e5880b3b5cd30106853cbfc6ef1ad38966b30d9bd5b99df46098e546c 2026-05-13
FileHash-SHA256 8aa0cb69ca2777001e0f4ba0eaab0841592710e4cc5ccd6b0b526d78bbd8bfba 2026-05-13
FileHash-SHA256 8c87134c1b45e990e9568f0a3899b0076f94be16d3c40fa824ac1e6c6ee892db 2026-05-13
FileHash-SHA256 91415e0b9fe4e7cbe43ec0558a7adf89423de30d22b00b985c2e4b97e75076b1 2026-05-13
FileHash-SHA256 994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3 2026-05-13
FileHash-SHA256 9f61ff4deb8afced8b1ecdc8787a134c63bde632b18293fbfc94a91749e3e454 2026-05-13
FileHash-SHA256 a7a19cab7aab606f833fa8225bc94ec9570a6666660b02cc41a63fe39ea8b0ad 2026-05-13
FileHash-SHA256 b67958afc982cafbe1c3f114b444d7f4c91a88a3e7a86f89ab8795ac2110d1e6 2026-05-13
FileHash-SHA256 c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8 2026-05-13
FileHash-SHA256 c7f7b5a6e7d93221344e6368c7ab4abf93e162f7567e1a7bcb8786cb8a183a73 2026-05-13
FileHash-SHA256 dce2e5cc00eff2493f8ced546dc51f9d5ef78c5ee56805906ec642dfa77a1c70 2026-05-13
FileHash-SHA256 dfe696ff713318c53fb17731bd4a6585a02c085b590149b19847990b324a0be6 2026-05-13
FileHash-SHA256 ec368ae0b4369b6ef0da244774995c819c63cffb7fd2132379963b9c1640ccd2 2026-05-13
FileHash-SHA256 efaf8e7422ffd09c7f03f1a5b4e5c2cc32b05334c18d1ccb9673667f8f43108f 2026-05-13
FileHash-SHA256 f736be55193c77af346dbe905e25f6a1dee3ec1aedca8989ad2088e4f6576b12 2026-05-13
FileHash-SHA256 fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958 2026-05-13
References (1)
↗ https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/