The Gentleman Ransomware | Defense Evasion TTPs Uncovered | Huntress
ID: 5b5ae8e2-a1bf-5dfe-bcea-4309f4958bbf
STIX ID: report--5b5ae8e2-a1bf-5dfe-bcea-4309f4958bbf
Feed Name: Huntress Blog
A Huntress SOC report details two post-incident investigations of The Gentlemen ransomware, a RaaS operation. It describes how the attackers used compromised accounts and RDP for access, then relied on Scheduled Tasks and an extensive series of PowerShell commands to disable Defender, add exclusions, persist through a malicious svchost32.exe, clear key Windows event logs, and finally encrypt files. The report includes IoCs (filenames, hashes, C2 IPs, hostnames), references a leaked internal database that reveals the operators' tradecraft, and closes with prioritized defensive recommendations.
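As an added example (not code from the Huntress report or from Huntress), the behaviours the summary lists can be turned into a small hunt over process-creation telemetry: Defender disabled or given exclusions through PowerShell, a file named svchost32.exe, and Windows event logs cleared, with a host raised only when several of these co-occur. The event field names, the constructed sample command lines, and the choice of the standard Set-MpPreference, Add-MpPreference, wevtutil and Clear-EventLog commands as the things to look for are assumptions; the report is not readable here and the summary names only the behaviours and the svchost32.exe filename.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (Sysmon EID 1 / Security 4688
# style). They are NOT from the Huntress report; the field names and the exact
# command lines are assumptions made for this example.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -nop -w hidden -c "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"host": "WS01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -c "Add-MpPreference -ExclusionPath C:\\ProgramData"'},
    {"host": "WS01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /create /tn Updater /tr C:\\ProgramData\\svchost32.exe /sc onlogon /ru SYSTEM"},
    {"host": "WS01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": "wevtutil.exe cl Security"},
    {"host": "WS01", "user": "CORP\\jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -c "Clear-EventLog -LogName System"'},
    # Benign-looking activity that must not fire: a status query and the real svchost.exe.
    {"host": "WS02", "user": "CORP\\svc_backup",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -c "Get-MpComputerStatus"'},
    {"host": "WS02", "user": "NT AUTHORITY\\SYSTEM",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p"},
]

# (rule name, ATT&CK technique, regex applied to "<image> <cmdline>").
# The commands are the standard Windows ones for each behaviour in the summary;
# that the operators used exactly these is an assumption of this example.
RULES = [
    ("defender_disable", "T1562.001",
     re.compile(r"set-mppreference\b.*?-disable\w+", re.I)),
    ("defender_exclusion", "T1562.001",
     re.compile(r"add-mppreference\b.*?-exclusion(path|process|extension)\b", re.I)),
    # svchost32.exe is the filename the summary gives; the legitimate binary is svchost.exe.
    ("svchost32_masquerade", "T1036.005",
     re.compile(r"\bsvchost32\.exe\b", re.I)),
    ("event_log_clear", "T1070.001",
     re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b|\bclear-eventlog\b", re.I)),
]


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    rule: str
    technique: str
    cmdline: str


def _haystack(event):
    return f"{event.get('image', '')} {event.get('cmdline', '')}"


def classify(event):
    """Return the names of every rule the event trips (empty list if none)."""
    text = _haystack(event)
    return [name for name, _, rx in RULES if rx.search(text)]


def hunt(events):
    """One Finding per (event, matching rule), in event order."""
    findings = []
    for ev in events:
        text = _haystack(ev)
        for name, technique, rx in RULES:
            if rx.search(text):
                findings.append(Finding(ev["host"], ev["user"], name, technique, ev["cmdline"]))
    return findings


def hosts_with_chain(events, min_rules=2):
    """Hosts on which at least min_rules distinct behaviours fired.

    A lone exclusion or log clear is often admin noise; Defender tampering
    plus a masquerading binary plus log clearing on one host is the
    evasion chain the summary describes, so correlate per host.
    """
    seen = {}
    for f in hunt(events):
        seen.setdefault(f.host, set()).add(f.rule)
    return {host: sorted(rules) for host, rules in seen.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host} {f.user} {f.rule} ({f.technique}): {f.cmdline}")
    print(hosts_with_chain(SAMPLE_EVENTS))
```

In a real deployment the per-host correlation window matters more than the regexes: the same commands spread over a maintenance week look different from the same commands within a few minutes of an RDP logon from a newly compromised account, so feed the events with timestamps and bound the window rather than correlating across all time as this example does.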
