The Gentlemen
Essential information
- Confidence: 100/100
- Published: 21/12/2025 16:02
- Modified: 27/05/2026 15:52
- Updated at: 27/05/2026 15:52
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 8 reports, 90 attack patterns (MITRE), 15 malware, 8 sectors, 5 countries, 48 indicators, 6 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (8)
- AlienVault · Confidence 100 · 1 CVE · 20 MITREs · 4 Malwares · 3 IOCs · 3 Observables · 1 APT · Published 10/06/2026 13:58 · Modified 10/06/2026 14:01 · threat-report
- AlienVault · Confidence 100 · 1 CVE · 20 MITREs · 3 Malwares · 3 IOCs · 3 Observables · 1 APT · Published 22/05/2026 01:03 · Modified 22/05/2026 06:43 · threat-report
- 3 CVEs · 20 MITREs · 2 Malwares · 33 Observables · 1 APT · Published 13/05/2026 16:46 · Modified 14/05/2026 08:39
- AlienVault · Confidence 100 · 20 MITREs · 4 Malwares · 26 IOCs · 26 Observables · 1 APT · Published 13/05/2026 11:08 · Modified 13/05/2026 10:03 · threat-report
- 46 MITREs · 6 Malwares · 27 Observables · 1 APT · Published 20/04/2026 15:00 · Modified 20/04/2026 16:54
- AlienVault · Confidence 100 · 4 CVEs · 11 MITREs · 7 Malwares · 4 IOCs · 4 Observables · 1 APT · Published 20/03/2026 09:24 · Modified 20/03/2026 08:46 · threat-report
- 17 MITREs · 1 Malware · 1 APT · Published 19/11/2025 08:48 · Modified 19/11/2025 09:54
- 13 MITREs · 1 APT · Published 09/09/2025 11:34 · Modified 09/09/2025 22:08
Attack patterns (MITRE) (90; 12 listed, relationship: uses)
- T1219 Remote Access Tools
- T1573.002 Asymmetric Cryptography
- T1036.005 Match Legitimate Resource Name or Location
- T1071 Application Layer Protocol
- T1021.004 SSH
- T1106 Native API
- T1550 Use Alternate Authentication Material
- T1071.001 Web Protocols
- T1543.003 Windows Service
- T1060
- T1190 Exploit Public-Facing Application
- T1133 External Remote Services
Malware (15; 12 listed, relationship: uses)
- mimikatz (family) · Published 11/05/2026 16:15 · Modified 11/05/2026 16:15
- PowerRun (family) · Published 13/05/2026 09:08 · Modified 13/05/2026 09:08
- AnyDesk (family) · Published 10/06/2026 11:58 · Modified 10/06/2026 11:58
- Medusa (family) · Published 06/04/2026 20:26 · Modified 06/04/2026 20:26
- SystemBC (family) · Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
- (name missing) (family) · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Babyk (family) · Published 09/10/2025 20:09 · Modified 09/10/2025 20:09
- LockBit 5.0 (family) · Published 20/03/2026 08:24 · Modified 20/03/2026 08:24
- Babuk - S0638 (family) · Published 20/03/2026 08:24 · Modified 20/03/2026 08:24
- KillAV (family) · Published 13/05/2026 09:08 · Modified 13/05/2026 09:08
- Qilin (family) · Published 09/06/2026 15:50 · Modified 09/06/2026 15:50
- (name missing) · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
Sectors targeted (8)
- Government
- Manufacturing
- Healthcare
- Construction
- Insurance services
- Transportation
- Finance
- Technology
Countries targeted (5)
- Thailand
- United Kingdom of Great Britain and Northern Ireland
- United States of America
- Germany
- Brazil
Indicators (48; 12 listed, relationship: indicates)
- SHA-256: 22b38dad7da097ea03aa28d0614164cd25fafeb1383dbc15047e34c8050f6f67
- SHA-256: 025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a
- SHA-256: cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e
- SHA-256: fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958
- Tor onion URL: http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/
- SHA-256: 1af419b36a5edefef387409e2b3248c9223f7dc49a4f7b15ea095d371c3a70b2
- SHA-256: c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8
- SHA-256: 992c951f4af57ca7cd8396f5ed69c2199fd6fd4ae5e93726da3e198e78bec0a5
- SHA-256: fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68
- SHA-256: 994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3
- SHA-256: 51b9f246d6da85631131fcd1fabf0a67937d4bdde33625a44f7ee6a3a7baebd2
- SHA-256: dfe696ff713318c53fb17731bd4a6585a02c085b590149b19847990b324a0be6
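The practical use of the indicator list above is matching it against telemetry. The following Python is an added example, not code from AlienVault or from the platform hosting this page: it classifies each listed indicator by type (SHA-256 file hash or Tor v3 onion URL), canonicalises it so that upper-case hashes and bare onion host names still match, and scans a few constructed EDR-style events for hits. The event format, host name, paths and timestamps in `SAMPLE_EVENTS` are assumptions made for the example.

```python
import re

# Indicators copied verbatim from the page: eleven SHA-256 file hashes and one
# Tor v3 onion URL. Everything else in this block (event format, host names,
# timestamps, paths) is constructed for the example and is not from the source.
PAGE_INDICATORS = [
    "22b38dad7da097ea03aa28d0614164cd25fafeb1383dbc15047e34c8050f6f67",
    "025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a",
    "cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e",
    "fc75ed2159e0c8274076e46a37671cfb8d677af9f586224da1713df89490a958",
    "http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/",
    "1af419b36a5edefef387409e2b3248c9223f7dc49a4f7b15ea095d371c3a70b2",
    "c46b5a18ab3fb5fd1c5c8288a41c75bf0170c10b5e829af89370a12c86dd10f8",
    "992c951f4af57ca7cd8396f5ed69c2199fd6fd4ae5e93726da3e198e78bec0a5",
    "fe1033335a045c696c900d435119d210361966e2fb5cd1ba3382608cfa2c8e68",
    "994d6d1edb57f945f4284cc0163ec998861c7496d85f6d45c08657c9727186e3",
    "51b9f246d6da85631131fcd1fabf0a67937d4bdde33625a44f7ee6a3a7baebd2",
    "dfe696ff713318c53fb17731bd4a6585a02c085b590149b19847990b324a0be6",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Tor v3 onion services are 56 base32 characters followed by ".onion".
ONION_RE = re.compile(r"^(?:https?://)?([a-z2-7]{56})\.onion(?:[/:].*)?$")


def classify(ioc: str) -> tuple:
    """Return (indicator type, canonical value) for one raw indicator string.

    Canonicalisation matters: hashes in EDR exports are often upper-case, and
    the onion URL on the page carries a scheme and trailing slash while a DNS
    or proxy log only records the host name.
    """
    s = ioc.strip().lower()
    if SHA256_RE.match(s):
        return "sha256", s
    m = ONION_RE.match(s)
    if m:
        return "onion", m.group(1) + ".onion"
    raise ValueError(f"unsupported indicator type: {ioc!r}")


def build_index(iocs):
    """Group canonical indicator values by type for constant-time lookups."""
    index = {"sha256": set(), "onion": set()}
    for ioc in iocs:
        kind, value = classify(ioc)
        index[kind].add(value)
    return index


# Constructed sample telemetry (key=value lines in the style of an EDR export).
SAMPLE_EVENTS = [
    "2026-05-13T10:03:00Z host=WS-0412 event=file_create "
    "sha256=22B38DAD7DA097EA03AA28D0614164CD25FAFEB1383DBC15047E34C8050F6F67 "
    "path=C:\\Users\\Public\\update.exe",
    "2026-05-13T10:03:05Z host=WS-0412 event=file_create "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000 "
    "path=C:\\Windows\\Temp\\benign.tmp",
    "2026-05-13T10:04:10Z host=WS-0412 event=dns_query "
    "qname=tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion",
    "2026-05-13T10:04:11Z host=WS-0412 event=dns_query qname=update.example.com",
]

HASH_IN_TEXT = re.compile(r"\b[0-9a-fA-F]{64}\b")
ONION_IN_TEXT = re.compile(r"\b([a-z2-7]{56}\.onion)\b", re.IGNORECASE)


def scan_events(events, index):
    """Return (type, value, event) for every event containing a listed IOC."""
    hits = []
    for event in events:
        for h in HASH_IN_TEXT.findall(event):
            if h.lower() in index["sha256"]:
                hits.append(("sha256", h.lower(), event))
        for host in ONION_IN_TEXT.findall(event):
            if host.lower() in index["onion"]:
                hits.append(("onion", host.lower(), event))
    return hits


if __name__ == "__main__":
    for kind, value, event in scan_events(SAMPLE_EVENTS, build_index(PAGE_INDICATORS)):
        print(f"[{kind}] {value} <- {event[:60]}...")
```

Only two of the four constructed events match: the upper-case hash and the bare onion host name. A hash of all zeros and an ordinary DNS name fall through, which is the point of canonicalising before lookup rather than doing raw substring searches on the page's literal strings.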
Vulnerabilities (CVE) (6)
- An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through …
  Attack vector: Network · Published: 14/01/2025 · Modified: 27/05/2026
- Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially …
  Attack vector: Network · Published: 20/10/2025 · Modified: 27/05/2026
- Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may …
  Attack vector: Network · Published: 09/06/2025 · Modified: 27/05/2026
- Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within …
  Attack vector: Network · Published: 22/08/2023 · Modified: 27/05/2026
- Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) …
  Attack vector: Local · Published: 29/09/2025 · Modified: 27/05/2026
- VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an …
  Attack vector: Network · Published: 30/07/2024 · Modified: 27/05/2026