THE RAVEN FILE
@theravenfile.bsky.social
TheRavenFile.com: A Blog focused on Cyber Threat Intelligence
🚨 #React2Shell #Exploit (CVE-2025–55182)

Found #OpenDir!

☢️Big names like Porsche, Starbucks, OpenAI, SoundCloud on the list!

154.61.77.105 🇮🇳
🎯21 Fintech companies🏦
🎯14 Food & Beverage🍲

Report
theravenfile.com/2025/12/12/r...

#CyberSecurity #Infosec #OSINT #DarkWeb #DeepWeb #Malware #Cryptomining
REACT2SHELL: EXPLOITATION IN THE WILD
NOTE: This is not a technical breakdown of the React2Shell Vulnerability, as it’s already been covered by Trend Micro. This is currently unattributed to any known Threat Groups or APT Groups. Duri…
theravenfile.com
December 12, 2025 at 8:09 AM
🚨Exposing #LOCKBIT 5.0 Server: IP & DOMAIN

IP: 205.185.116.233 🇺🇸
#AS53667

Domain: karma0[.]xyz
Reg: 2 November 2025

💡LockBit Group uses #Smokeloader in their attacks
MD5: e818a9afd55693d556a47002a7b7ef31

#Lockbit5 #Ransomware #Security #Intelligence #OSINT #Databreach
December 6, 2025 at 2:17 AM
While analyzing #Warlock #Ransomware, a repeated Mutex was found, leaked in the #Conti Leaks!

MUTEX: hsfjuukjzloqu28oajh727190

CONTI: 2021
LOCKBIT GREEN: 2023
CERBER: 2023

2025
DRAGONFORCE
DEVMAN
D0GLUN
WARLOCK

#CyberSecurity #CyberSec #Infosec #hack #OSINT #Security #DarkWeb #Malware
December 5, 2025 at 6:44 AM
🚨DragonForce Ransomware: Real IP

46.29.238.160 🇳🇴
AS 215540 🇷🇺

📌Appears to be an IP associated with Ether VPN
📌The same ASN was found to be used by AKIRA Ransomware in August 2025

#DragonForce #Ransomware #DarkWeb #Security #InfoSec #Hack #CyberSecurity #CyberSec #Exploit #Akira
November 24, 2025 at 7:51 AM
While analyzing a few samples of #Lockbit 5.0, an interesting fact was found!🤨

Most samples share the same VHash, which is: 075056657d15151"z

theravenfile.com/2024/06/26/t...

#ransomware #DarkWeb #CyberSecurity #CyberSec #InfoSec #CyberSecurityTips #ThreatHunting #ThreatIntelligence #ThreatIntel #Security
November 19, 2025 at 7:07 AM
🚨 NEW: #Clop (cl0p) #Ransomware Network!

Dissected 96 IPs
77.8% #subnet reuse
#MOVEit 🫆 still active
Fresh #Oracle #EBS zero-day (#CVE-2025-61882) in the wild

Full report: theravenfile.com/2025/11/04/c...

#DarkWeb #Infosec #Security #Hack #ThreatIntel #ZeroDay #OSINT #TOR #Exploit
CLOP RANSOMWARE: DISSECTING NETWORK
NOTE: This Research purely focuses on the Networks used by the Clop Ransomware Group during their infiltration at different victims. INTRODUCTION GETTING FOOTHOLD: CVE-2025–61882…
theravenfile.com
November 4, 2025 at 4:26 AM
🚨Spotting Stealthy #CLEARFAKE Campaign!!

With the following #Powershell Command Snippet, I was able to pull some fresh cases of ClearFake!

"POwErsHeLL -w 1 &"

IP
83.219.248.37
172.67.202.94
172.67.219.189
199.188.201.106
83.219.248.37
172.67.132.82
172.67.202.94

github.com/TheRavenFile...
October 28, 2025 at 1:40 AM
CHINESE APT OVERLAP: SALT TYPHOON X SPACE PIRATES 🇨🇳

💡A sample was found overlapping with 2 Threat Actors from different timelines!

MD5: 5d0aa944ce19e0a70adad562ce0e7880

#SaltTyphoon #APT #SpacePirates #OSINT #Security #InfoSec #Malware #CyberCrime #CyberSecurity #ThreatIntelligence #ThreatIntel
October 23, 2025 at 4:13 AM
🚨Clop Releases #Oracle E-Business Suite 0Day Victims: CVE-2025-61882

31.200.249.227: Used by #LockBit and #Clop

AS216158 🇷🇺
Teleport Rus LLC

31.200.249.130
31.200.249.146
31.200.249.178
31.200.249.233

#Cl0p #Ransomware #Security #InfoSec #Hack #DataBreach #Hack #CyberSecurity #CyberSec
October 17, 2025 at 7:31 AM
🚨OBSCURA RANSOMWARE DATA BREACH VIA I2P NETWORK

💡2 leaks are hosted in the I2P network via P2P Magnet Share

📌Initially found in September 2025
📌Infected about 9 Victims, US tops the list
📌Most Data leaks are not present
📌Previously, the Ransomware that used I2P was Pay2Key from Iran 🇮🇷
October 1, 2025 at 4:05 AM
🚨BREAKING: PEAR Ransomware Group uses infra/template of APOS Ransomware

💡Both DLS were using the same CSS file titled "AposPanel.styles.css"

#APOS #Ransomware #PEAR #Malware #DarkWeb #DeepWeb #Infosec #Security #OSINT #CyberSecurity #Cybersec #TOR #ThreatIntelligence #ThreatIntel #DataBreach
September 20, 2025 at 7:42 AM
#TZULO: Fav. Host of #UNC6040🇺🇸

Malicious events:-

📌LLM Hijacking
📌Fortigate VPN Bruteforce
📌ZynorRAT, AsyncRAT, RemcosRAT, AgentTesla, GuLoader, QakBot, RecordBreaker
📌#SAFEPAY #Ransomware 68.235.46[.]80

github.com/TheRavenFile...

#Salesloft #Salesforce #CyberSecurity #InfoSec #OSINT #Darkweb
September 15, 2025 at 6:37 AM
🚨INTEL ON #NPM #SupplyChainAttack

Uncovered Wallets used by NPM Hacker in ETH & SOL

Hacker created a coin "NPM Hacker" for pump & dump on 8th September 2025

You can track address here:

github.com/TheRavenFile...

#NPMHack #Blockchain #CyberSecurity #Infosec #OSINT #ThreatIntel
September 9, 2025 at 8:22 AM
🚨Just published my latest Investigation Research on a shady Hosting Provider of #Seychelles 🇸🇨 that has strong ties with Russian 🇷🇺 Shell Companies that run via a loophole in #UK Law 🇬🇧!

theravenfile.com/2025/09/08/u...

#Clop #Ransomware #AlvivaHolding #DarkWeb #Infosec #OSINT #TOR #CYBERCRIME
Uncovering ALVIVA HOLDING: Links to Russian Shell Companies and Cybercrime
This is an Investigative Report on how the most malicious hosting provider is linked to a Shell Company registered in Seychelles 🇸🇨. This article will not cover Ransomware Analysis, but will focus …
theravenfile.com
September 8, 2025 at 7:03 AM
#LockBit #Ransomware #Torrent Servers Active even after months!🌊

Check this indicator in your environment:-
31.200.249.*
AS 216158 (Teleport Rus LLC)🇷🇺

Check out Git for full IOCs:
github.com/TheRavenFile...

#infosec #security #ThreatIntel #OSINT #cybersec #DarkWeb #DeepWeb #DataBreach #TOR #P2P
September 1, 2025 at 7:17 AM
#J #Ransomware - A new Group with 31 Victims launched their #DLS on the Surface web with #Torrent Share!

https://share.jtor[.]xyz/
80.85.141.8🇳🇱
185.80.234.130🇳🇱
Host: WIN-AQ7G0H1TG6O

Check Git for Samples
github.com/TheRavenFile...

#P2P #ThreatIntel #infosec #security #DarkWeb #DeepWeb #malware #OSINT
August 26, 2025 at 2:30 PM
🚨FOUND IPs of #NOVA #RANSOMWARE FILE SERVER: NOVA CLOUD V2.0

New Domain set up to host #databreach like #LockBit, #DragonForce

ms5fasbpbfpbxmgtrhcspvg5ajmb2tpxdcg7x2wdd6equemuivqi5syd.onion

http://144.172.95[.]78/

#malware #security #InfoSec #DataBreach #ThreatIntel #CyberSecurity #OSINT #DarkWeb
August 13, 2025 at 7:36 AM
🔥BREAKING🗞️ #Nitrogen #Ransomware Group received their biggest payment!

💰$400K
💡Initial Ransom Demand: $600K, victim paid $400K
💡Negotiation: 11 days
💡Samples uploaded to #Mega

#ThreatIntel #InfoSec #Security #OSINT #DarkWeb #TOR #InformationSecurity #raas #hack #malware
August 6, 2025 at 4:04 AM
🐉Here is my latest Research Article on the interesting facts about the Affiliate of #Qilin #Ransomware Group.

This sheds light on:
📌What Tools do they use for Victim compromise?
📌Which CVEs are of keen interest to them?

theravenfile.com/2025/08/01/i...

#darkweb #deepweb #malware #OSINT #security
INSIDE QILIN RANSOMWARE AFFILIATE’s PANEL
NOTE: This article strictly sticks to the leaked scenario of Qilin Ransomware Affiliate Panel and uncovers the affiliate Hastalamuerte’s Scope of Interest for Ransomware Attacks. INTRODUCTION Qil…
theravenfile.com
August 1, 2025 at 1:54 PM
🚨#XSS BUSTED...An interesting fact found!

Reg. addr. & Email (for domain) of XSS are the same as those of #BreachForums, which belongs to #Lögreglan ( #Iceland #Police)

theazot[.]icu
theazot[.]xyz
xss[.]is
breachforums[.]is

#infosec #security #cybersecurity #hack #cybercrime #OSINT #deepweb #threatintel #TOR
July 25, 2025 at 5:13 AM
🚨 #BlackByte #Ransomware back after 10 Months listing 5 Victims🔎!

dounczge5jhw4iztnnpzp54kd4ot3tikhjsimurtcewqssgye6vvrhqd.onion
Exposed IP: 193.201.9.222:443 🇷🇺

💡Same ASN used previously!

#malware #threatintel #security #data #infosec #darkweb #malware #TOR #FBI #CISA #hack #cybersecurity #OSINT
July 18, 2025 at 11:53 PM