Thegentlemen

Also known as Phantom Mantis, ArmCorp, Zeta88, Hastalamuerte
Reports: 124
First seen: Apr 27
Last seen: Jun 20
Motivation: extortion, financial, financial extortion

Targeting

Sectors
manufacturing ×29, healthcare ×12, technology ×8, other ×7, retail ecommerce ×7, education ×7, professional services ×6, agriculture ×5
Victim regions
United States ×25, France ×6, Germany ×4, Thailand ×4, Netherlands ×3, India ×3, Spain ×2, Malaysia ×2

Top ATT&CK techniques

T1486 Data Encrypted for Impact ×9
T1190 Exploit Public-Facing Application ×6
T1078 Valid Accounts ×4
T1021 Remote Services ×3
T1566 Phishing ×3
T1562.001 Impair Defenses: Disable or Modify Tools ×3
T1562 Impair Defenses ×2
T1195 Supply Chain Compromise ×2
T1070.001 Indicator Removal: Clear Windows Event Logs ×2
T1021.001 Remote Services: Remote Desktop Protocol ×2
T1053 Scheduled Task/Job ×2
T1003 OS Credential Dumping ×2

Indicators

domain ×341, ip_v4 ×163, cve ×45, filename ×24, hash_md5 ×20, hash_sha256 ×16, hash_sha1 ×11, email ×3, bitcoin_address ×2, hash_sha512 ×1, url ×1


Associated CVEs

Recent reports

Medium

Thegentlemen ransomware gang claims victim: hiddenn

ransomware.live
High

Thegentlemen claims Vera Chimie Management in ransomware extortion post

ransomware.live
High

Thegentlemen ransomware gang claims victim: Alexander Buch Bilanzbuchhalter

ransomware.live
High

Thegentlemen ransomware gang claims SGS Malaysia as victim

ransomware.live
High

Thegentlemen ransomware gang publishes TERRIO Therapy Fitness as victim

ransomware.live
High

Thegentlemen ransomware group publishes Ty Thac Co as victim

ransomware.live
High

Thegentlemen ransomware group claims Amigest, French IT integrator

ransomware.live
High

Thegentlemen ransomware operators claim Yudu Technology victim

ransomware.live
High

Thegentlemen ransomware gang publishes Burris MacOmber as victim

ransomware.live
High

Thegentlemen ransomware gang publishes Sertrans breach

ransomware.live
High

Thegentlemen ransomware gang publishes Groupe COFAQ as victim

ransomware.live
High

Thegentlemen ransomware gang claims Al Khaja Holding breach

ransomware.live
High

Thegentlemen publishes Athens Orthopedic Clinic as ransomware victim

ransomware.live
High

The Gentlemen RaaS Deploys GentleKiller EDR Framework Targeting 400 Security Processes

The Hacker News
High

Weekly Cybersecurity Recap: Chrome 0-Day, Oracle PeopleSoft Exploit, Supply Chain Attacks

The Hacker News
High

Thegentlemen ransomware gang claims Enciso Ltda breach

ransomware.live
High

Thegentlemen publishes South Texas Spinal Clinic as ransomware victim

ransomware.live
High

Thegentlemen publishes Mahajak Development as ransomware victim

ransomware.live
High

Thegentlemen publishes Calipage Humblet as ransomware victim

ransomware.live
High

Thegentlemen ransomware gang publishes Croatian Ministry of Health as victim

ransomware.live
High

Thegentlemen ransomware gang claims Palmer & Sicard

ransomware.live
High

Thegentlemen ransomware publishes Linnecken & Partner as victim

ransomware.live
High

Thegentlemen publishes Centre Medical Crowley as ransomware victim

ransomware.live
High

Thegentlemen ransomware gang publishes Executive Coach as victim

ransomware.live
High

Thegentlemen ransomware publishes Mackay Sugar as victim

ransomware.live
High

Thegentlemen claims SigmaControl (Dutch industrial automation) in ransomware extortion

ransomware.live
High

Thegentlemen ransomware gang publishes Buratti as victim

ransomware.live
High

Thegentlemen ransomware gang claims National Museum of Denmark

ransomware.live
High

Thegentlemen publishes Times Software as ransomware victim

ransomware.live
Medium

Thegentlemen ransomware gang claims new victim: Traublinger

ransomware.live

This page shows data on a 7-day delay.