LOGICAL LIMITATIONS OF AI MODELS IN THREAT INTELLIGENCE

NOTE: This is an experimental overview of various Threat Intelligence parameters designed to evaluate the performance of AI Agents (LLM Models). The testing was carried out in June 2025 and Repeated in January 2026.

• INTRODUCTION
• TEST CASE: WHY LOCKBIT RANSOMWARE?
• ADDRESSING LLM LOGICAL PROBLEMS
• LLM LOGICAL ISSUES
• DIVING DEEP: LLM USE CASES
• CHATGPT
• BLACKBOX (GPT4)
• MICROSOFT CO-PILOT
• DEEPSEEK
• MERLIN (GPT3.5)
• QWEN
• DEEP AI
• LLM TEST RUN: 2ND PHASE — JANUARY 2026
• CHATGPT
• BLACKBOX
• MICROSOFT CO-PILOT
• DEEPSEEK
• PERPLEXITY
• GOOGLE GEMINI
• GROK
• A DIFFERENT QUERY — EXTENDING THE TEST
• PERFORMANCE ANALYSIS
• LESS CONCERNED ISSUES
• AUTO-POISONED LLM MODELS
• CONCLUSION
• FINAL TAKEAWAY
• IOCs

INTRODUCTION

Many innovations are accelarating in the field of AI as the rate of its adoption is high. The faster adoption rate of AI paves the way to wider threat landscape to the unseen circumstances. 

In July 2023, I discovered a project of jailbroken ChatGPT named FraudGPT on DarkWeb, which you can read here. Similarly, there were other products such as WormGPT, which was also surfaced during the same timeline. 

With the increase of such crime-friendly LLM Models, many Cyber Attacks started to get orchestrated (using AI). We have seen many Ransomware Groups, such as PromptLock, Gentlemen, FunkSec are purely made use of AI in their Attack Campaigns. 

The notable state-sponsored APT Groups were also equipped with AI such as:-

• APT42 🇮🇷 : Uses Gemini for spear-phishing campaigns
• Lazarus Group 🇰🇵 : DeepFakes for DPRK IT Job Interviews
• APT31 & APT10 🇨🇳 : Claude to automate parts of their cyber espionage campaigns
• APT28 🇷🇺 : LameHug InfoStealer

As the AI is slowly maturing from infancy, not many projects are present to safeguard the models. One such project is NOVA: A prompt pattern matching project of Thomas Roccia, which can detect the abusiveness of LLM Models. 

Recently, we have also witnessed the weaponization of the AI Agent OpenClaw Project (ClawdBot/Moltbot), where some skills were used to steal credentials, spread malware like Atomic Stealer (AMOS), and exfiltrate data from macOS/Windows users.

In this Research, we are going to examine the efficiency of AI Chat Bots specifically for Cyber Threat Intelligence, especially focusing on Logical Errors present in each AI Model. Through this Research Article, I am aiming to classify various threats present in various LLM Models. 

As more and more AI models are on the rise, it is important to analyze the behavior of AI Models to each query and it’s logical understanding which could drive the Research/Investigation in the right path, as many Researchers/Analysts and even Ransomware/APT Groups are relying on them. 

TEST CASE: WHY LOCKBIT RANSOMWARE? 

This would be a series, starting with LockBit Ransomware-related queries. The reason to pick Lockbit Ransomware is due to its large number of digital footprints via Reports, IOCs, and Articles published. Moreover, Lockbit had undergone various phase changes currently reached to the LockBit 5.0 version. Hence it would be a perfect ground to test the credibility and efficiency of AI Models (in context of Threat Intelligence). 

METHODOLOGY: A series of questions would be queried to various AI Models and we would record the Output. 

Here, we will not be displaying the entire Output as it becomes a big read and uninteresting. 

NOTE: The AI models used for this experiment are general AI Models and free versions. Hence, the output would differ in the dedicated/custom LLM Models. This study aims NOT to discredit any AI Models, but to shed light on the existing LLMs.

ADDRESSING LLM LOGICAL PROBLEMS

So far, we have seen multiple attack vectors spotted for LLM (Large Language Models) such as Prompt Injection, JailBreaking, Backdoor Insertion, Malware Generation, etc. 

In this discussion, we will primarily examine the logical issues associated with various LLM models in response to different queries. We will analyze how models like LLAMA, GPT-4, and others behave and respond differently to general questions, and evaluate the extent to which we can rely on their outputs.

LLM LOGICAL ISSUES

Below is the list of Issues identified while running the test on 10 AI Models:-

PROBLEM 1: HALLUCINATED IOCS
PROBLEM 2: WRONG CREDIT TO LEGIT SOURCES
PROBLEM 3: FAKE LINK PROMOTION
PROBLEM 4: MISSPELLED INDICATORS
PROBLEM 5: SELF CONTRADICTORY STATEMENT ON REPEATED PROMPTS
PROBLEM 6: OUTDATED INFO
PROBLEM 7: SAME RESPONSE FOR DIFFERENT PROMPTS
PROBLEM 8: INCORRECT IOCs
PROBLEM 9: GETS STUCK AT TIMES IF NOT RE-QUERIED
PROBLEM 10: SOURCE MISSING
PROBLEM 11: BLAME SHIFTING
PROBLEM 12: APOLOGIZING WHEN CAUGHT RED-HANDED
PROBLEM 13: HALLUCINATED IOCS WITH “VERIFIED” TAG
PROBLEM 14: REPEATED MISTAKE CYCLE OF WRONG ANSWERS WHEN RE-QUERIED
PROBLEM 15: DENIAL OF IOC SHARING
PROBLEM 16: FALSE ATTRIBUTION WITH CONFIDENCE
PROBLEM 17: HALLUCINATED SOURCE PAGES
PROBLEM 18: WRONG LINKAGE
PROBLEM 19: SELF ASSUMPTION — HANDLES/SITES
PROBLEM 20: IOCS FROM UNPOPULAR BLOGS/PDFS
PROBLEM 21: LLM POISONING — BELIEVING NON-EXISTENT FACTS
PROBLEM 22: INCOMPLETE DATA
PROBLEM 23: WRONG INFORMATION
PROBLEM 24: CONFUSED IOCs
PROBLEM 25: AI-DRIVEN INVESTIGATION

DIVING DEEP: LLM USE CASES

We are going to dive deep into the problems which are mentioned above.

CHATGPT

➤HALLUCINATED IOCs: These are the imaginary/non-existent IOCs such as Sample Hash, URLs, Domains etc are being provided by the AI model when queried about any Ransomware or Malware.

PROMPT: Get me some IOCs for Lockbit Ransomware?

The Red-Labeled Highlighted IOCs are purely hallucinated by the Model and do not exist in the real world. 

DANGER: The wrong IOCs provided by the AI Model would derail the Investigation and more fake information would be supplied to the web, which again gets retrained by the model in the long run, making it impossible to tag/mark it as a fake IOC. 

➤WRONG CREDIT TO LEGIT SOURCES: Found that some AI Models are attributing hallucinated IOCs to legitimate sources when queried about their authenticity.

PROMPT: What about this hash: f5f4fbe62aa09dc423dc1a2a74f2fa5f933b3a313123a83f18dc46f0c9d1d1a1?

DANGER: The wrongly mentioned legitimate source gets discredited/loose genuinity automatically when the AI Agent is lying. Hence, the source would be considered with a grain of salt for future reference.

➤FAKE LINK PROMOTION: When queried about malware, it gives irrelevant results of Links (including Youtube).

As we can see, ChatGPT began to hallucinate with fake links with genuine sources such as:-

https://www.virustotal.com/gui/file/34b8c0fe6b7fd6e5a44d2d01b07c7e5f67b9a9e6a58c46e15f8cb389d3fc241a/detection
https://bazaar.abuse.ch/sample/34b8c0fe6b7fd6e5a44d2d01b07c7e5f67b9a9e6a58c46e15f8cb389d3fc241a/
https://any.run/report/34b8c0fe6b7fd6e5a44d2d01b07c7e5f67b9a9e6a58c46e15f8cb389d3fc241a

All 3 links do NOT exist at any point. Here, the model hallucinates the file with legitimate path names as it is aware of the correct URL and embeds the file hash at the end, which is non-existent anywhere. Here is the output of the same:

DANGER: The trivial information related to any queried info is being pulled from irrelevant sources. This could be a Phishing link as well.

➤MISSPELLED INDICATORS: AI Models get self-confused with the look-alike keywords such as “CryptBot” with “CryptoBot”.

PROMPT: Is cryptobot[.]cc related to lockbit? If yes, can you provide the source?

An Infostealer called “CryptBot” is spotted, which is a legitimate infostealer. It can be assumed that ChatGPT might have referred to this infostealer instead of the one. The info can be found here.

DANGER: The confused output, when taken for granted, it affects the overall investigation and leads to different direction. 

➤SELF CONTRADICTORY STATEMENT ON REPEATED PROMPTS: When a query is re-queried, the AI agent loses confidence and adds self-contradictory statements at the end, making the user convinced.

PROMPT: From where did you get: 185.225.73.244, 23.81.246.140 and 31.184.254.85 related to Lockbit?

It gives a convincing reply at the end, as these are not directly associated with LockBit; self-contradicting its initial reply as a Summary.

DANGER: A single query is not enough to solidify the statement and reach a conclusion. When AI points a finger to trustworthy sources, the user believes it without any X-Check, which is dangerous for Research and Analysis.

BLACKBOX (GPT4)

➤OUTDATED INFO: AI Models do not track the Threat Intel platform in real-time, making the IOCs obsolete.

PROMPT: Can you get me some IOCs on Lockbit Ransomware?

Here, the model only included TOR V2 Onion domains, though there are ample of V3 domains out there.

DANGER: Can’t consider if you are doing a real-time threat hunt as models spit old data, which also could be hallucinated. 

➤SAME RESPONSE FOR DIFFERENT PROMPTS: When 2 different queries with different input; gives same response.

PROMPT: Can you get the Version 3 TOR Domains of Lockbit Ransomware?

Here, the model tagged V2 Domains as V2 TOR Domains which is false. Mentioned Domains are hallucinated. 

DANGER: Sometimes, AI does not differentiate between the fed request and treats it under the same context.

MICROSOFT CO-PILOT

➤INCORRECT IOCs: When a sample is fed, the AI Model fails to provide the genuine outputs.

PROMPT: Can you list some IPs associated with Lockbit ransomware?

All these are Wrong IOCs which do not have any connection with LockBit.

DANGER: Some samples of Malware are mis-tagged, which leads to wrong classification of Threats such as swapping the names of ransomwares. 

➤LLM POISONING — BELIEVING NON-EXISTENT FACTS: Most of the AI models are vulnerable to LLM Poisoning where a user queries the non-existent fact to the model and in response the Model hallucinates and outputs random information which is false. The same info shall be kept by the AI Model to serve future requests.

PROMPT: And similarly I can see 185.225.74.90 is associated with PandaCar Ransomware. What’s your take?

DANGER: Data Manipulation or Data Poisoning is highly possible by feeding wrong data to the ML Model.

➤WRONG INFORMATION: When asked about a general look-up query such as IP Location, the Model failed to provide a genuine answer. 

PROMPT: Can you get me the location of this IP address? 185.181.60.11

NOTE: The real answer maps to Norway, but the model attributes it to Russia

DANGER: Relying on such models of Threat Intelligence would be a big NO as the model self-hallucinates.

➤DENIAL OF IOC SHARING: Some models do not provide any kind of IOCs when queried about any ransomware/malware.

PROMPT: Get me some samples of LockBit Ransomware?

DANGER: This would be useless and won’t be used by anyone for Threat Intelligence.

NOTE: This little trick can be jailbroken by using the keyword “IOC” instead of “Samples”

➤BLAME SHIFTING: When a query is asked to some AI Models, they would shift the blame to reputable services which makes the user believe the response without a cross-check.

PROMPT: Can you list the source for this hash that you had listed? 0f8a1d3c0e9f7e2b2a6f4d9c3b7a8e5d1c9f0a2b6d7e8f9a0b1c2d3e4f5a6b7c

DANGER: Wrong pointing to legitimate sources for queries would make the sources untrustworthy by LLM Models (though its’ genuine). This results in the auto-classification which leads to the downgrade of trusted sources.

DEEPSEEK

➤SOURCE MISSING: Some AI Models will not provide sources to validate the response.

PROMPT: Get me some IOCs for Lockbit Ransomware?

DANGER: Source-less backed responses are less trusted to the user. Solely relying on an AI response won’t suffice.

➤FALSE ATTRIBUTION WITH CONFIDENCE: When any response is proven to be falsified, some AI models wouldn’t budge from their response and still echo the fake confidence, feeding wrong data to the users.

PROMPT: Can you get me the source of this TOR domain that you listed: lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbskwnkc42ad.onion ?

The output is purely fictional, and the listed sources do not have anything to do with the provided IOCs by the AI Model, but are claimed with high-confidence by the model.

DANGER: Such models could not be relied on and could manipulate real research.

➤HALLUCINATED SOURCE PAGES: AI Models are experts in creating fake pages for sources, that do not exist. A fake page had been referenced in the above image. For example, a malware sample would be hallucinated by the agent and fake pages from relevant sources are created.

The proof of Bleeping Computer Article is purely fictional as the page does not exist:-

“https://www.bleepingcomputer.com/news/security/lockbit-20-ransomware-builds-fake-negotiator-chat-to-trick-victims/“

I have verified with various sources and couldn’t find this URL.

DANGER: If automated, the data would be FALSE POSITIVE (FP) and needs a heavy regulation.

➤WRONG LINKAGE: The Hyperlinks provided by the model for any malware could be false. This has been tested on multiple AI Sources.

PROMPT: List some of the exploited CVEs by Lockbit Group?

Lockbit group is categorized as APT 38 North Korean Group and gives out the MITRE Profile of them instead of LockBit.

DANGER: If it gets poisoned, it can even lead to Phishing directly from AI Models.

Similarly, it happened with the provided domains when asked about their authenticity, the model shifted the blame to CISA, CheckPoint, NCCIC, Intel471 and Kaspersky.

MERLIN (GPT3.5)

➤APOLOGIZING WHEN CAUGHT RED-HANDED: When a IOC specific query is asked, wrong answers are fed by the model. But when the user checks its genuineness and re-queries, the AI Model will apologize for the given output.

PROMPT: From where did you get these 2 hashes?

DANGER: If the user does not re-query, he/she may believe the facts laid out by the LLM at first. This leads to wrong information. Re-Querying required to confirm the genuinity which is time-consuming for the Research Part.

➤HALLUCINATED IOCS AS “VERIFIED” TAG: Some outputs come with the tag “Verified” to give a notion to the user about the trustworthiness, which is absolutely fake.

PROMPT: Get me some verified IOCs of Lockbit Ransomware.

DANGER: Such outputs might be taken for granted, hence leading to the inclusion of legitimate IOCs in the Blacklists.

QWEN

➤SELF ASSUMPTION — HANDLES/SITES: Some AI models will self-assume that a website/Twitter handle will be by-default present as per the fed keywords, even if it doesn’t exist.

PROMPT: What is the Twitter handle of JAMESWT who is related to Malware Sharing?

The AI Model redirected to the wrong profile.

FAKE: https://x.com/JAMESWT_
REAL: https://x.com/JAMESWT_WT/

DANGER: Self-Assumption leads to wrong intel which might even pave the way for Phishing from AI Model without realizing. 

NOTE: Here the profile is existing, but it’s not the one which user requested to the LLM Model.

DEEP AI

➤INCOMPLETE DATA: The information provided by the AI model would not be complete. Hence, a final verdict can’t be withdrawn from the models.

PROMPT: Tools used by LockBit Ransomware. Only list them.

DANGER: It lists the common tools being used by any Ransomware groups. But the model did not list “Stealbit” which is a popular tool used by Lockbit Group. Though it populated Custom Tools, it would not be sufficient if anyone were to look for core information. 

NOTE: Here, we have included the real use case of each problem from the available AI Models. The same issue persists on multiple AI Models which is not documented as it would be a duplicate entry, and makes this report unnecessarily lengthy. 

We have halted the LLM Analysis in July 2025, and again resumed in January 2026 to see the newer changes. 

LLM TEST RUN: 2ND PHASE — JANUARY 2026

Over time, it is found that some AI Models like ChatGPT improved their results.

In Phase 2 run, we will be focusing on established AI Models as most of the logical limitations are also found in the above tested, lesser known Agents. 

In this, we also came across a case of how AI Models are getting auto-poisoned with irrelevant data. 

NOTE: We will test for the weaknesses recorded for LLM Models to check whether they still prevail or not. Explanations will not be repeated. 

CHATGPT

RESULT: No major changes

BLACKBOX

RESULT: No much change

MICROSOFT CO-PILOT

RESULT: Slight improvement found as the latest IOCs were listed by the model. But old bugs still persist. 

DEEPSEEK

Here, the real onion address of Lockbit Group is being masked by Security Researchers/Blogs. The model takes such sources:

As you can see, “lockbitsup” is seen which would be used as a seed to generate new domains as per LLM. 

From this, it is evident that the Model uses such blogs as reference to build their Dataset which often gets resulted incorrectly when a researcher/user queries the same. 

Hallucinated Answer still exists when queried, which leads to LLM Poisoning.

RESULT: No major updates. You can see the model hallucinates the existence of such ransomware and started to provide IOCs like URLs. It also discusses about the Sectors Affected, Ransomware Characteristics, Attack Chain along with Hunting Queries.

PERPLEXITY

Perplexity does a decent job. It gives genuine IOCs for LockBit Ransomware. 

When queried about TOR V3 Domains, it gives a satisfying result, the credit got mis-credited to the wrong source. 

All the listed TOR Domains were found in various sources, the TrendMicro link present in the reply is misleading. 

When queried about IPs, it gives fruitful results.

Also LLM Poisoning is NOT possible…

RESULT: Improvement found. More apt answers were picked by the Model for the fed queries

GOOGLE GEMINI

RESULT: Gemini does a decent job by listing some genuine IOCs at the initial prompt, which was not the same case 6 months back. But previous limitations still exist. 

GROK

Though IOCs are genuine, the sources are not mentioned. This is not a big deal, but could be vital for malvertising in the future. 

When queried about Onion Domains and IPs, the right IOCs are mentioned starting from the latest to the oldest. 

From this, we concur that GROK is performing well as an AI Model for Threat Intelligence. 

NOTE: The test was only carried out in the context of LockBit Ransomware. This may vary with other Malware or Ransomware or any other Cyber Incident

A DIFFERENT QUERY — EXTENDING THE TEST

I have tested various LLM Models with another request to get the file details along with file size from Virus Total. 

NOTE: This is one of the vital parts in this test, as Threat Intelligence and SOC Team always deal with malicious Hashes to enrich their dataset, this query/testcase is useful. 

For that, I have queried the following and got a usual response from LLM Models:-

Here is the response of (OpenAI) CHATGPT:

From all the above models, the usual answer was “You can’t tell the file size from an MD5 hash alone.”

But GROK and PERPLEXITY stood out here:-

NOTE: The same answer with minor changes was spotted with GROK

This makes it a useful LLM Model for anyone who deals with Cyber Threat Intelligence (again…not Optimal).

PERFORMANCE ANALYSIS

In this, I present to you the efficiency of each LLM Models with the above mentioned Problems as Parameters whether they possess it or not.

LESS CONCERNED ISSUES

Here by listing some of the minor issues reported, but not prevalent in AI Models, but still detected. 

➤GETS STUCK AT TIMES IF NOT RE-QUERIED: Some AI Models get stuck and do not proceed with output. This is a result of faster timeout session.

DANGER: The continuous supply of information gets halted when the model shuts down after a faster timeout session which again demands the user to re-feed the same queries, resulting in a deadlock again.

➤REPEATED MISTAKE CYCLE OF WRONG ANSWERS WHEN RE-QUERIED: Some AI Models found to be outputting the same reply when queried, even-though its a wrong information.

DANGER: This proves that some AI models does not undergo retraining on the go and only spit information which is pre-fed into the system.

➤IOCS FROM UNPOPULAR BLOGS/PDFS: If any query related to IOCs are prompted, the model would rely on less-popular and unauthenticated resources to deliver the IOCs.

DANGER: Untrusted sources with IOCs are less genuine and the IOCs should be cross checked before consideration.

➤CONFUSED IOCs: When asked about Domains or URLs, some AI Agents provide IPs instead. This confusion arises from the fact that IOCs are categorized universally (the Domains, IPs, URLs, Hashes).

DANGER: Non Re-Training of AI Models and the model spits out the same information without improvement, which leads to abandoning the project.

➤AI-DRIVEN INVESTIGATION: As the Threat Hunter or Analyst, it is crucial to perform a bunch of tasks to accomplish the Cyber Incident Investigation. In this stage, the model prompts/proposes the next step to carry investigation.

DANGER: If you are relying solely on the Investigative tips provided by the AI Model, it may result in faulty output, hence derailing the real investigation. 

AUTO-POISONED LLM MODELS

In our Research, we found that most of the AI models rely on the hosted content which similarly works as the Search Engine Data Indexing. The more data points, the higher the chances of getting aggregated in the AI Prompt Results. 

But some data-hungry models will auto-train their models with the data from dubious sources or non-verified websites which are questionable sources without a proper check. 

This leads to LLM-based Phishing where phishing URLs or Links are distributed via AI Prompts. 

Any LLM models can be maligned using repeatedly training documents/pages that have fake data, as currently there are no active Reporting/Removal policy. 

Equally, the exposed sensitive information (like PII) shall be auto-trained by AI Models which would change the overall behavior of AI Models, hence leaving them at a vulnerable state. 

We have already seen a bunch of ‘AI Slopped’ Research are being circulated in the infosec community. 

CONCLUSION

This is an attempt to measure the efficiency of AI Models with simple queries, as complex queries are not executed. It does not give a granular level of precision, but get you an overall idea about how each model spits out the answer at different instances. 

This research will help Threat Analysts, AI Teams, SOC and other IT Departments to grasp an understanding of AI Models (wrt Threat Intelligence).

FINAL TAKEAWAY

• Currently, not all AI Models are equipped to fight fake information; hence Reporting an Issue is missing in most Models

• You cannot solely rely on AI Agents for Threat Intelligence and Threat Hunting Assistance

• Inconsistencies faced by various AI Models are not mature enough to handle complex tasks like AI Forensics

• Some AI Models poses danger of digesting fake information fed to the Model, without a Cross-Check at real time

• Algorithms behave differently at different times. The output for a query, as of now, is not the same when asked at different times

• Novel concepts are explained by AI Models like pro, without proper validation

• Sourcing (providing source page) is missing in most AI Models, which is crucial to X-Check the data

IOCs

Please do not feed these IOCs to your blocklist, as it’s purely hallucinated by various AI Models during the experiment. 

DOMAINS
=======
lockbit3.io
lockbitgang.xyz
lockbit.vc
lockbitnews.com
lockbit1.com
lockbit.news
cryptobot.cc
lockbitapt.com
lockbitap.xyz
lockbitcdn.com
lockbitapt2.com
lockbitapt3.com
lockbitapt4.com
lockbitapt5.com
lockbitapt6.com
lockbitblog.onion
lockbitblog.onion 
lockbit3.onion 
lockbitaptxyz.onion
lockbitpanel.onion
lockbitdark.onion
lockbitapt.top
lockbitsup.top
lockbitsup.onion
lockbitacc.onion
lockbitapt.online
lockbitbak.onion
lockbitkodidol.onion
MUTEX
=====
Global\LockbitMutex
Global\Lockbit1
IP
==
185.86.151.157
185.86.151.158
185.86.151.159
185.86.151.160
185.225.73.244
23.81.246.140
31.184.254.85
185.172.128.100
185.172.128.101
185.172.128.102
194.87.236.100
194.87.236.101
45.95.147.229
92.118.112.194
193.149.185.115
80.66.88.147
91.215.85.197
TOR DOMAINS
===========
lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbskwnkc42ad.onion
FAKE SOURCE
===========
https://www.trendmicro.com/en_us/research/22/h/lockbit-3-0.html
SHA256
======
f2b2348b9b4b3c4e276283b6c0b5d84d19b82a970b59ab68f5500be4b5a53ff2 
e7f1e58d4d62f7e722e2cd3cb3a4b4826c6a503b4a42ec2f8c32cc7b974f23f3 
f5f4fbe62aa09dc423dc1a2a74f2fa5f933b3a313123a83f18dc46f0c9d1d1a1
34b8c0fe6b7fd6e5a44d2d01b07c7e5f67b9a9e6a58c46e15f8cb389d3fc241a
e5f632aad8794dbfa3d79a837ad937ffb62f8e0b72ffb3248e5c2344fe68d1db
8bfc85ef8be95d1fd8f1b6f41e5f56c26e31bc0c2cd07d724d2a477350b6fa5d
f2b98fe0e1b736fa7c376e158116f8a76d93ca67c4f0d00fdab4b11e9990da60
0ffdabdb945b25a631b87868d4a2b66d95047d45de3d70a4d6ed35603e436f63
4b52de70f3fd64528f72488e519e3bfa8a56c6e28d835fa0b8d43b8dce51e3f1
32d07f3881a6844a406e93a4f70292823de088f60c5392c3f9397a6a5c5b016d
7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d
f5e8c3a79b6c19b9e2b4d3c8a1e5f7b9d2a4c6b8e3f5d7a1c9b2e8f4a6d3c7b9
a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4
8e7f6d5c4b3a2c1d0e9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f0a9b8c7
c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3
1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2
b25d5b0c5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b
4f5a4b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9
c6a13b78d9e2f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
7a42a2591858a6901ad37d4669a9c9a78a981b1d670c3dbfeef235700eae972c1
0b6cb591f1a0db7d74d8e802000fce9a61bfe520922eefbad1166d1f7c13d222
5819b1d4ee001e387223a7a6fc1ad4a476e45ccd75b354932108073985c05b95
MD5
===
a1b3c1f8e8c9b90f29e1c832c6b3b228
a0dbedc98ab84bb7f3be4248d225b707
44c4c12492de1d315defe5508e7e4d8b
d0cda30b33f34fddf3a3e2409fffd280
f67b8502f37656f6d2a97f9dffae3302

NOTE: The article is purely an Individual Research that belongs to THE RAVEN FILE and is not subjected to be used/published anywhere without the Author’s consent.

Follow me on Twitter for interesting DarkWeb/InfoSec Short findings!