BushidoUK RVM Profile: TheGentlemen

Date
18 Jun 2026
Actor
thegentlemen
Type
Threat-actor
Country
United Kingdom
Sector
-
Confidence
high
65
Analytic priority
Medium

Based on actor, country, IOCs, TTPs, leak, and context quality.

3 IOCs
0 TTPs
Actor: thegentlemen
Country: United Kingdom
Executive Summary
Ransomware group profile according to the BushidoUK Ransomware Vulnerability Matrix. Includes known vulnerabilities, tools, and associated TTPs.

Key Points

  • Source: BushidoUK RVM GroupProfiles
  • BushidoUK RVM Repository

Group Profile: TheGentlemen

TheGentlemen's Exploited Vulnerabilities

> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to TheGentlemen ransomware deployment or data exfiltration and leaks published to TheGentlemen's Tor Site.

Fortinet

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS & FortiProxy | CVE-2024-55591 | TheGentlemen | checkpoint.com |

Cisco

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Erlang/OTP SSH server | CVE-2025-32433 | TheGentlemen | checkpoint.com |

Windows

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SMB Client | CVE-2025-33073 | TheGentlemen | checkpoint.com |
| SmartScreen | CVE-2024-21412 | TheGentlemen | ransom-isac.com |
| Local Security Authority (LSA) | CVE-2021-36942 ("PetitPotam") | TheGentlemen | kelacyber.com |
| NetLogon | CVE-2020-1472 ("ZeroLogon") | TheGentlemen | checkpoint.com |

MS Server Products

| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SMBv1 | CVE-2017-0144 ("EternalBlue") | TheGentlemen | kelacyber.com |

---

#### Sources

| Date Published | Report |
|---|---|
| 13 May 2026 | https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/ |
| 14 May 2026 | https://www.kelacyber.com/blog/the-gentlemen-ransomware-internal-chat-leak-analysis-2026/ |
| 15 May 2026 | https://ransom-isac.com/blog/the-gentlemen-leak-analysis/ |

References

Diamond Model

Adversary
thegentlemen
Victim
BushidoUK RVM Profile: TheGentlemen
United Kingdom
Capability
Threat-actor
Infrastructure
research.checkpoint.com
www.kelacyber.com
ransom-isac.com


Indicators of Compromise (IOCs)

| Type | Value | Context | OSINT |
|---|---|---|---|
| Domain | research.checkpoint.com | Extracted from the content | VT, OffSec, SOCRadar |
| Domain | www.kelacyber.com | Extracted from the content | VT, OffSec, SOCRadar |
| Domain | ransom-isac.com | Extracted from the content | VT, OffSec, SOCRadar |
