IOC Radar
TLP:WHITE
32 IOCs

The Gentlemen are knocking: custom backdoors and evolving tactics

Securelist
Published June 29, 2026

Malware Families

Diamond Model

Adversary: unknown
Infrastructure (1): 81.177.215.15
Capability (3): Havoc, NetScan, PsExec
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise: 32


IOC Relationship Graph

[Graph: 32 total IOCs (MD5: 31, IP: 1) and 3 malware families (Havoc, NetScan, PsExec) linked to the report "The Gentlemen are knocking"]