LBIOC-20260071 - The Gentlemens Leak
Published 13/05/2026 11:08 · Modified 13/05/2026 10:03
Essential information
- Published: 13/05/2026 11:08
- Modified: 13/05/2026 10:03
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: affiliate, data-leak, extortion, hastalamuerte, killav, linux, powerrun, qilin, ransomware, systembc, the gentlemen, windows
- Tags: 2026-05-13, affiliate, data leak, extortion, hastalamuerte, killav, linux, powerrun, qilin, ransomware, systembc, the gentlemen, windows
- Related entities: 26 indicators, 26 observables, 1 intrusion sets (apt), 20 techniques (mitre), 4 malware
Description
The Gentlemen is an active ransomware and extortion operation that emerged publicly in the second half of 2025, rapidly escalating into a high-volume threat actor. The group appears to be a continuation or reorganization of prior ransomware affiliate activity, with reported connections to the Qilin ecosystem and the Russian-speaking actor 'hastalamuerte.' This growth likely reflects existing ransomware experience, affiliate relationships, and access to established resources. Underground sources indicate attempts to sell data allegedly connected to The Gentlemen ransomware activity, though the available information lacks sufficient victim-specific or technical details to confirm authenticity. The operation utilizes SystemBC for command and control communications and deploys ransomware variants targeting both Windows and Linux systems.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Indicators (26)
Observables (26)
Intrusion sets (APT) (1)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 16:02 · Modified 27/05/2026 15:52
Techniques (MITRE) (20)
- Process Discovery
- Windows Management Instrumentation
- Virtualization/Sandbox Evasion
- Service Stop
- Encrypted Channel
- Inhibit System Recovery
- Proxy
- System Network Configuration Discovery
- User Execution
- Data Encrypted for Impact
- Remote System Discovery
- Obfuscated Files or Information
- System Services
- Ingress Tool Transfer
- System Shutdown/Reboot
- Command and Scripting Interpreter
- Application Layer Protocol
- File and Directory Discovery
- System Information Discovery
- System Network Connections Discovery
Malware (4)
- Family · Published 13/05/2026 09:08 · Modified 13/05/2026 09:08
- Family · Published 13/05/2026 09:08 · Modified 13/05/2026 09:08
- Family · Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
- Family · Published 28/05/2026 19:56 · Modified 28/05/2026 19:56