LBIOC-20260071 - The Gentlemens Leak
The Gentlemen is a ransomware and extortion operation that became publicly known in the second half of 2025. It is believed to be a continuation or reorganization of previous ransomware affiliate activity linked to the Qilin ecosystem and the Russian-speaking actor 'hastalamuerte.' The group uses SystemBC for command and control and deploys ransomware variants targeting both Windows and Linux systems. Underground sources report attempts to sell data allegedly connected to this group, but victim-specific or technical confirmation is lacking. The threat is assessed as medium severity based on available information.
AI Analysis
Technical Summary
The Gentlemen ransomware operation emerged publicly in late 2025 and rapidly escalated into a high-volume threat actor. It appears to be a reorganization of prior ransomware affiliates with connections to the Qilin ecosystem and the Russian-speaking actor 'hastalamuerte.' The operation uses SystemBC for command and control communications and deploys ransomware variants targeting both Windows and Linux platforms. While underground sources claim data sales linked to this group, there is insufficient victim-specific or technical detail to verify these claims. No known exploits in the wild or patches are associated with this threat, and it is not a cloud service.
Potential Impact
The threat involves ransomware and extortion activities that can impact both Windows and Linux systems. The operation's use of SystemBC for command and control suggests a sophisticated infrastructure. However, no specific victim impact details or confirmed data breaches are available. The medium severity rating reflects the potential for significant disruption and data compromise typical of ransomware operations, though concrete impact details remain limited.
Mitigation Recommendations
No official patches or fixes are available as this is an active ransomware operation rather than a software vulnerability. Organizations should follow standard ransomware defense best practices tailored to their environments. Since no vendor advisory or specific remediation guidance is provided, patch status is not applicable. Monitoring for indicators of compromise related to The Gentlemen and SystemBC, and applying relevant detection and response measures, is recommended.
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: []
- Adversary: The Gentlemen
- Pulse Id: 6a043fa88d6fd92063164a04
- Threat Score: null
Threat ID: 6a0449a6cbff5d8610a9807f
Added to database: 5/13/2026, 9:51:34 AM
Last enriched: 5/13/2026, 10:06:22 AM
Last updated: 5/13/2026, 10:11:29 PM