
Posts by THE RAVEN FILE

🎵Summertime Sadness - Lana Del Rey
🎵Smells like Team Spirit - Nirvana
🎵Wake me Up - Avicii
🎵揺れた歪んだ世界にだんだん僕は - Unravel by Tokyo Ghoul

1 week ago 0 0 0 0

🔐🎵 #EMBARGO #RANSOMWARE - ADDING LYRICS AS MUTEX

📌KissMeHardBeforeYouGo
📌LoadUpOnGunsBringYourFriends
📌WakeMeUpWhenItsAllOver
📌揺れた歪んだ世界にだんだん僕は

Sample: github.com/TheRavenFile...

#Security #Infosec #OSINT #ThreatIntelligence #Hack #ThreatIntel #DarkWeb #Malware

1 week ago 1 0 1 0
TENGU RANSOMWARE NOTE: This is the initial report of Tengu Ransomware. The detailed version will be updated in the same post when newer information gets uncovered. The most important part of this post is “THR…

TENGU RANSOMWARE

#Tengu #Ransomware #Security #infosec #OSINT #darkweb #cybersecurity #ThreatIntelligence #ThreatIntel

theravenfile.com/2026/03/10/t...

2 weeks ago 3 0 0 0

🔒LockBit adopted a clean Host for their TORRENT LEAK!

START2 LLC - A 13-year old Russian BGP Network (AS61400) with less malicious sightings!

📍185.16.215.189 🇷🇺
📍185.16.215.140 🇷🇺
🏢 Start2 LLC 🇷🇺

#Lockbit #Ransomware #DataBreach #DarkWeb #Data #ThreatIntel #CyberSecurity #CyberSec #Infosec

3 weeks ago 0 0 0 0

Akira Ransomware Negotiation

#Akira #Ransomware #Security #DarkWeb #Infosec #CyberSecurity #DataBreach #Dataleak #Privacy #Infostealer #Malware #FBI #CISA #OSINT

1 month ago 0 0 0 0
0APT RANSOMWARE: The Real FAKE! NOTE: This is the initial analysis of 0APT Group, which was later found to be fake. However, I have released 4 new samples along with the Linux Variant of 0APT Ransomware through this.  INTROD…

Latest Research Article on 0APT Ransomware Group!

theravenfile.com/2026/02/14/0...

1 month ago 0 0 0 0
LOGICAL LIMITATIONS OF AI MODELS IN THREAT INTELLIGENCE NOTE: This is an experimental overview of various Threat Intelligence parameters designed to evaluate the performance of AI Agents (LLM Models). The testing was carried out in June 2025 and Repeate…

🚨NEW RESEARCH ALERT: LOGICAL LIMITATIONS OF AI MODELS IN THREAT INTELLIGENCE

theravenfile.com/2026/02/05/l...

#Google #Microsoft #AI #LLM #AIModel #ThreatIntelligence #ThreatHunting #OSINT #CyberSecurity #CyberSec #Infosec #Hack #PromptInjection #ChatGPT #Gemini #Phishing #OpenAI

1 month ago 1 1 0 0

6oeuvb4fq65xlrft2ezxjmkeqnu7oafbsevrr3ocer27wft6ivvhstqd.onion
ryrw2ojab62yij4y33ssfgvm2d2vwt3tcqetu6qmpwznqhooqxz3wpqd.onion

2 months ago 0 0 0 0

#GUNRA #RANSOMWARE INTEL

theravenfile.com/2025/09/23/g...

nsnhzysbntsqdwpys6mhml33muccsvterxewh5rkbmcab7bg2ttevjqd.onion
tgsst34i6z4mwdj2kpigixxb3k3xfz7xhuqnsowvfvyu3snm6nv4s5ad.onion
myeli53ogsryjg2kob4xqxtwkr5oc5zj7jr5fcfizpytwe566k5thxyd.onion

#security #hack #DarkWeb #OSINT #malware #TOR

2 months ago 0 0 1 0

Lockbit Ransomware new Torrent Domains

theravenfile.com/2024/06/26/t...

#lockbit #ransomware #databreach #security #OSINT #darkweb #infosec #hack

2 months ago 0 0 0 0
REVISITING MEDUSA LOCKER RANSOMWARE NOTE: This Research was kicked off as I found the Old TOR Domain of the group is being redirected to the current Onion URL, and new samples are found This article is a fresh take as of December 202…

🚨 #MedusaLocker #Ransomware Resurges in 2025 – Don't Confuse it with "Medusa" Group! 🐍🔒

2025 Spike
Hosted 🇷🇺
Old Onion → New Onion🧅♻️
#NodeJS Ticketing Exposed

theravenfile.com/2025/12/24/r...

#ThreatIntel #infosec #IOCs #CyberSecurity #security #DarkWeb #Malware #TOR #Malware

3 months ago 0 0 0 0

💡Out of 9 above mentioned IPs, 5 are overlapped with Clop Ransomware 0-Day EBS Data Leak Batch
💡This strongly suggests that a shared network (for Torrent) is seen among Ransomware Groups

3 months ago 0 0 0 0

💡LockBit continues to serve the Data Leaks via same Servers which were active a couple of months back!
💡All the IPs recorded are from Russia 🇷🇺
💡Interestingly, Cl0p Ransomware group also makes use of same network for their Data Leaks (via Torrent)

3 months ago 0 0 1 0

🌊 LOCKBIT 5.0 Data Leaks from same Torrent Nodes 🇷🇺


#LockBit #Ransomware #Security #Infosec #OSINT #Clop #Cl0p #DataLeak #DataBreach #DarkWeb #Malware

3 months ago 0 0 1 0
REACT2SHELL: EXPLOITATION IN THE WILD NOTE: This is not a technical breakdown of the React2Shell Vulnerability, as it’s already been covered by Trend Micro. This is currently unattributed to any known Threat Groups or APT Groups.  Duri…

🚨 #React2Shell #Exploit (CVE-2025-55182)

Found #OpenDir!

☢️Big names like Porsche, Starbucks, OpenAI, SoundCloud on the list!

154.61.77.105 🇮🇳
🎯21 Fintech companies🏦
🎯14 Food & Beverage🍲

Report
theravenfile.com/2025/12/12/r...

#CyberSecurity #Infosec #OSINT #DarkWeb #DeepWeb #Malware #Cryptomining

3 months ago 0 0 0 0

📌On 4th December 2025; the group had announced 23 new victims on their DLS, by scrapping old Data leaks
📌Upon analyzing, it is found that 11 victims are recycled from April 2025 LockBit Leaks
📌2 Victims are from #Weyhro and #RansomHouse Group

#malware #TOR #CyberSecurity

3 months ago 0 0 0 0

🚨Exposing #LOCKBIT 5.0 Server: IP & DOMAIN

IP: 205.185.116.233 🇺🇸
#AS53667

Domain: karma0[.]xyz
Reg: 2 November 2025

💡LockBit Group uses #Smokeloader in their attacks
MD5: e818a9afd55693d556a47002a7b7ef31

#Lockbit5 #Ransomware #Security #Intelligence #OSINT #Databreach

3 months ago 0 0 1 0

While analyzing #Warlock #Ransomware, repeated Mutex found, leaked in #Conti Leaks!

MUTEX: hsfjuukjzloqu28oajh727190

CONTI: 2021
LOCKBIT GREEN: 2023
CERBER: 2023

2025
DRAGONFORCE
DEVMAN
D0GLUN
WARLOCK

#CyberSecurity #CyberSec #Infosec #hack #OSINT #Security #DarkWeb #Malware

3 months ago 0 0 0 0

🚨DragonForce Ransomware: Real IP

46.29.238.160 🇳🇴
AS 215540 🇷🇺

📌Appears to be an IP associated with Ether VPN
📌The same ASN was found to be used by AKIRA Ransomware in August 2025

#DragonForce #Ransomware #DarkWeb #Security #InfoSec #Hack #CyberSecurity #CyberSec #Exploit #Akira

4 months ago 0 0 0 0

While analyzing a few samples of #Lockbit 5.0, an interesting fact was found!🤨

Most samples share the same VHash, which is: 075056657d15151"z

theravenfile.com/2024/06/26/t...

#ransomware #DarkWeb #CyberSecurity #CyberSec #InfoSec #CyberSecurityTips #ThreatHunting #ThreatIntelligence #ThreatIntel #Security

4 months ago 0 0 0 0
CLOP RANSOMWARE: DISSECTING NETWORK NOTE: This Research Investigates purely focuses on the Networks used by the Clop Ransomware Group during their infiltration at different victims.  INTRODUCTION GETTING FOOTHOLD: CVE-2025–61882…

🚨 NEW: #Clop (cl0p) #Ransomware Network!

Dissected 96 IPs
77.8% #subnet reuse
#MOVEit 🫆 still active
Fresh #Oracle #EBS zero-day (#CVE-2025-61882) in the wild

Full report: theravenfile.com/2025/11/04/c...

#DarkWeb #Infosec #Security #Hack #ThreatIntel #ZeroDay #OSINT #TOR #Exploit

4 months ago 0 0 0 0

🚨Spotting Stealthy #CLEARFAKE Campaign!!

With the following #Powershell command snippet, I was able to pull some fresh cases of ClearFake!

"POwErsHeLL -w 1 &"

github.com/TheRavenFile...

5 months ago 0 0 0 0

📌Both groups resemble each other; however, their targeted victims are different
📌Salt Typhoon targets global entities except CIS, however Space Pirates targets only CIS including Russian Aerospace and Critical Plants

5 months ago 0 0 0 0

📌The catch here is: Different names assigned to same loader, but for different APT Groups
📌SNAPPYBEE Loader = Salt Typhoon
📌DEED RAT = Space Pirates
📌DEED RAT was initially used by Space Pirates, then used by Salt Typhoon in recent campaigns

5 months ago 0 0 1 0

CHINESE APT OVERLAP: SALT TYPHOON X SPACE PIRATES 🇨🇳

💡A sample is found overlapped with 2 Threat Actors from different timeline!

MD5: 5d0aa944ce19e0a70adad562ce0e7880

#SaltTyphoon #APT #SpacePirates #OSINT #Security #InfoSec #Malware #CyberCrime #CyberSecurity #ThreatIntelligence #ThreatIntel

5 months ago 0 0 1 0

🚨Clop Releases #Oracle E-Business Suite 0Day Victims: CVE-2025-61882

31.200.249.227: Used by #LockBit and #Clop

AS216158 🇷🇺
Teleport Rus LLC

31.200.249.130
31.200.249.146
31.200.249.178
31.200.249.233

#Cl0p #Ransomware #Security #InfoSec #Hack #DataBreach #Hack #CyberSecurity #CyberSec

5 months ago 0 0 0 0

🚨OBSCURA RANSOMWARE DATA BREACH VIA I2P NETWORK

💡2 leaks are hosted in I2P network via P2P Magnet Share

📌Initially found in September 2025
📌Infected about 9 Victims, US tops the list
📌Most Data leaks are not present
📌Previously, the Ransomware that used I2P was Pay2Key from Iran 🇮🇷

5 months ago 0 0 0 0
GUNRA RANSOMWARE: What You Don’t Know! NOTE: This is a lengthy investigation that eventually took four months. Any future updates of this group would be reflected in this same blog post. TABLE OF CONTENTS EXECUTIVE SUMMARY INTRODUCTION …

🔐 #GUNRA #RANSOMWARE - WHAT YOU DON'T KNOW!

Just dove into a deep analysis of Gunra ransomware

📖 Check out: theravenfile.com/2025/09/23/gunra-ransomware-what-you-dont-know/

#Cybersecurity #ThreatIntel #InfoSec #DarkWeb #OSINT #CyberSec #Hack #DataBreach #Malware #Conti

6 months ago 0 0 0 0

🚨BREAKING: PEAR Ransomware Group uses infra/template of APOS Ransomware

💡Both DLS were using same CSS file titled "AposPanel.styles.css"

#APOS #Ransomware #PEAR #Malware #DarkWeb #DeepWeb #Infosec #Security #OSINT #CyberSecurity #Cybersec #TOR #ThreatIntelligence #ThreatIntel #DataBreach

6 months ago 1 0 0 0

#TZULO: Fav. Host of #UNC6040🇺🇸

Malicious events:-

📌LLM Hijacking
📌Fortigate VPN Bruteforce
📌ZynorRAT, AsyncRAT, RemcosRAT, AgentTesla, GuLoader, QakBot, RecordBreaker
📌#SAFEPAY #Ransomware 68.235.46[.]80

github.com/TheRavenFile...

#Salesloft #Salesforce #CyberSecurity #InfoSec #OSINT #Darkweb

6 months ago 0 0 0 0