{
  "type": "MD5",
  "indicator": "84c7bfb0e243dd99b674e48701acab6b",
  "general": {
    "sections": [
      "general",
      "analysis"
    ],
    "type": "md5",
    "type_title": "FileHash-MD5",
    "indicator": "84c7bfb0e243dd99b674e48701acab6b",
    "validation": [],
    "base_indicator": {
      "id": 4114804094,
      "indicator": "fbd67a3bcc964e370931f620a85bf368d7b5797ebc1d53fe3be11a89a90e7961",
      "type": "FileHash-SHA256",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 5,
      "pulses": [
        {
          "id": "69f32bff38251e177e78b526",
          "name": "EbeeApril2026 Pt7",
          "description": "Multiple APT/threat actors, Malware and Campaigns",
          "modified": "2026-05-30T10:03:42.474000",
          "created": "2026-04-30T10:16:31.340000",
          "tags": [
            "filehashsha256",
            "filehashsha1",
            "filehashmd5",
            "cve20243721 cve"
          ],
          "references": [
            "IOCs.2026.csv"
          ],
          "public": 1,
          "adversary": "GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 63,
            "CVE": 8,
            "FileHash-MD5": 216,
            "FileHash-SHA1": 220,
            "FileHash-SHA256": 246,
            "domain": 98,
            "hostname": 95
          },
          "indicator_count": 946,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 39,
          "modified_text": "11 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-SHA1",
          "related_indicator_is_active": 1
        },
        {
          "id": "69ead582c3aaefa43cff3cca",
          "name": "IOC - Detecting and responding to BQTLock ransomware with Wazuh | Wazuh",
          "description": "BQTLock is a ransomware strain that targets Windows endpoints; it encrypts files, appends the .bqtlock extension to them, and demands a ransom for their release.",
          "modified": "2026-04-24T02:29:22.743000",
          "created": "2026-04-24T02:29:22.743000",
          "tags": [
            "ifsid",
            "mitre",
            "description",
            "rule",
            "field",
            "wazuh",
            "bqtlock",
            "wazuh dashboard",
            "wazuh server",
            "click save",
            "click",
            "suspicious",
            "reload",
            "restart",
            "python",
            "error",
            "import",
            "download",
            "path",
            "powershell",
            "copy",
            "encrypt",
            "bqt"
          ],
          "references": [
            "https://wazuh.com/blog/detecting-and-responding-to-bqtlock-ransomware-with-wazuh/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "BQT",
              "display_name": "BQT",
              "target": null
            },
            {
              "id": "BQTLock",
              "display_name": "BQTLock",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1136",
              "name": "Create Account",
              "display_name": "T1136 - Create Account"
            },
            {
              "id": "T1490",
              "name": "Inhibit System Recovery",
              "display_name": "T1490 - Inhibit System Recovery"
            },
            {
              "id": "T1104",
              "name": "Multi-Stage Channels",
              "display_name": "T1104 - Multi-Stage Channels"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1204",
              "name": "User Execution",
              "display_name": "T1204 - User Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "celestre",
            "id": "295357",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 35,
            "FileHash-SHA1": 35,
            "FileHash-SHA256": 35,
            "domain": 1,
            "hostname": 1
          },
          "indicator_count": 107,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 138,
          "modified_text": "36 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-SHA1",
          "related_indicator_is_active": 1
        },
        {
          "id": "6966ac946d3096303f63e362",
          "name": "pppppppppppppppppppppppppppppppppppppp",
          "description": "The full text of the full-text of all the Bitcoin transactions, which began on 1 January 2016, has now been published on the website of \u00a31.1bn-a-day.",
          "modified": "2026-02-12T20:00:34.248000",
          "created": "2026-01-13T20:35:32.047000",
          "tags": [
            "hashmd5",
            "hashsha1",
            "hashsha256",
            "ip address",
            "url http"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "vijay2752",
            "id": "368558",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 29,
            "FileHash-SHA1": 29,
            "FileHash-SHA256": 29,
            "domain": 1
          },
          "indicator_count": 88,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 20,
          "modified_text": "107 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-SHA1",
          "related_indicator_is_active": 1
        },
        {
          "id": "68935284a1ca835deb5f8640",
          "name": "BQTLock Ransomware",
          "description": "Also known as BaqiyatLock, this new threat actor, apparently offering its services as RaaS, has claimed two victims in July 2025.",
          "modified": "2025-11-28T15:07:07.663000",
          "created": "2025-08-06T13:02:59.640000",
          "tags": [
            "ransomware",
            "BQTLock",
            "BaqiyatLock"
          ],
          "references": [
            "https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bqtlock",
            "https://www.ransomware.live/group/bqtlock",
            "https://www.linkedin.com/pulse/ransomware-evolution-how-safepay-blackfl-bqtlock-rewriting-suvuf",
            "https://bazaar.abuse.ch/browse/tag/BQTLock",
            "https://www.cyfirma.com/news/weekly-intelligence-report-25-july-2025",
            "https://cybershafarat.com/2025/07/11/launch-of-our-cyber-tool-baqiyatlock-bqtlock-ransomware",
            "https://app.any.run/tasks/27302a4f-dc39-4370-adf5-47bbe84685af",
            "https://app.any.run/tasks/e16a8057-7a4f-4f48-833f-850797c91a0c",
            "https://app.any.run/tasks/dad06d54-8d41-482a-a7c3-a995581ad598",
            "https://app.any.run/tasks/2521fd0d-3100-45d6-8627-14a9a33ebd58",
            "https://app.any.run/tasks/2da5de92-18c1-4562-9185-415031905e2f",
            "https://app.any.run/tasks/8f7e512b-f736-48c1-8899-4eefdb97b555",
            "https://app.any.run/tasks/935d732a-ff5a-420d-ad3e-5ee013ae247f",
            "https://app.any.run/tasks/28adc2c0-037d-46e7-980d-4bf147044100",
            "https://app.any.run/tasks/90886c78-67bd-445a-808f-5c793c39521e",
            "https://app.any.run/tasks/17ae6b22-329e-41b2-8912-7a021ba4abc1",
            "https://app.any.run/tasks/347d4b7c-8625-404e-8e24-f402f927a47f",
            "https://app.any.run/tasks/8e1073a7-38d5-4b54-9c74-fb82db6f667b",
            "https://app.any.run/tasks/08de093c-9b6c-4494-8190-42e53809b5a7",
            "https://app.any.run/tasks/8f13fcda-23b9-45c7-b3c1-674eccb0de0f",
            "https://app.any.run/tasks/df4fd741-1f9a-46d7-924c-8e9dfd1bc742",
            "https://app.any.run/tasks/e7faa031-ae8b-4e74-ac48-f94ba30135ff",
            "https://app.any.run/tasks/02850584-6d40-4f6e-9fb8-57817d4d2453",
            "https://app.any.run/tasks/c4f321ec-2c12-4023-9529-4f592e81f25b",
            "https://app.any.run/tasks/2e81a090-2580-4aac-9918-fc38e388baf5"
          ],
          "public": 1,
          "adversary": "BQTLock",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ChinaPlate",
            "id": "354170",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 40,
            "FileHash-SHA1": 29,
            "FileHash-SHA256": 51,
            "domain": 1
          },
          "indicator_count": 121,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 31,
          "modified_text": "183 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-SHA1",
          "related_indicator_is_active": 1
        },
        {
          "id": "68ca7c6ff9c4dd6f2e41ea59",
          "name": "Dark Web Profile: BQTLock Ransomware.",
          "description": "BQTLock is a newly emerged Ransomware-as-a-Service (RaaS) that has rapidly gained notoriety for its aggressive operational tactics and sophisticated technical capabilities. Originating from the Middle East, the threat group behind BQTLock is led by Karim Fayad, who operates under aliases such as ZeroDayX and ZeroDayX1, with an associated member named Fuch0u. The group seems to engage with pro-Palestinian hacktivist organizations, leveraging social networks for mutual promotion and potentially collaboration.",
          "modified": "2025-10-17T09:04:36.507000",
          "created": "2025-09-17T09:16:31.415000",
          "tags": [
            "iocs",
            "ransom onion",
            "site https",
            "ta social",
            "networks https",
            "ta webpage",
            "bqtlock",
            "mail"
          ],
          "references": [
            "https://socradar.io/dark-web-profile-bqtlock-ransomware/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1490",
              "name": "Inhibit System Recovery",
              "display_name": "T1490 - Inhibit System Recovery"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1041",
              "name": "Exfiltration Over C2 Channel",
              "display_name": "T1041 - Exfiltration Over C2 Channel"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1555.003",
              "name": "Credentials from Web Browsers",
              "display_name": "T1555.003 - Credentials from Web Browsers"
            },
            {
              "id": "T1055.003",
              "name": "Thread Execution Hijacking",
              "display_name": "T1055.003 - Thread Execution Hijacking"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "PetrP.73",
            "id": "154605",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 29,
            "FileHash-SHA1": 29,
            "FileHash-SHA256": 29,
            "URL": 1,
            "domain": 3,
            "email": 1
          },
          "indicator_count": 92,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 541,
          "modified_text": "225 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-SHA1",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://app.any.run/tasks/90886c78-67bd-445a-808f-5c793c39521e",
        "https://app.any.run/tasks/c4f321ec-2c12-4023-9529-4f592e81f25b",
        "https://app.any.run/tasks/dad06d54-8d41-482a-a7c3-a995581ad598",
        "https://app.any.run/tasks/17ae6b22-329e-41b2-8912-7a021ba4abc1",
        "https://bazaar.abuse.ch/browse/tag/BQTLock",
        "https://app.any.run/tasks/935d732a-ff5a-420d-ad3e-5ee013ae247f",
        "https://www.linkedin.com/pulse/ransomware-evolution-how-safepay-blackfl-bqtlock-rewriting-suvuf",
        "https://app.any.run/tasks/e16a8057-7a4f-4f48-833f-850797c91a0c",
        "https://app.any.run/tasks/8f7e512b-f736-48c1-8899-4eefdb97b555",
        "https://app.any.run/tasks/28adc2c0-037d-46e7-980d-4bf147044100",
        "https://app.any.run/tasks/2e81a090-2580-4aac-9918-fc38e388baf5",
        "https://app.any.run/tasks/df4fd741-1f9a-46d7-924c-8e9dfd1bc742",
        "https://app.any.run/tasks/347d4b7c-8625-404e-8e24-f402f927a47f",
        "https://www.ransomware.live/group/bqtlock",
        "https://app.any.run/tasks/08de093c-9b6c-4494-8190-42e53809b5a7",
        "https://app.any.run/tasks/8f13fcda-23b9-45c7-b3c1-674eccb0de0f",
        "https://cybershafarat.com/2025/07/11/launch-of-our-cyber-tool-baqiyatlock-bqtlock-ransomware",
        "IOCs.2026.csv",
        "https://app.any.run/tasks/2da5de92-18c1-4562-9185-415031905e2f",
        "https://app.any.run/tasks/8e1073a7-38d5-4b54-9c74-fb82db6f667b",
        "https://wazuh.com/blog/detecting-and-responding-to-bqtlock-ransomware-with-wazuh/",
        "https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bqtlock",
        "https://app.any.run/tasks/e7faa031-ae8b-4e74-ac48-f94ba30135ff",
        "https://socradar.io/dark-web-profile-bqtlock-ransomware/",
        "https://app.any.run/tasks/2521fd0d-3100-45d6-8627-14a9a33ebd58",
        "https://app.any.run/tasks/27302a4f-dc39-4370-adf5-47bbe84685af",
        "https://www.cyfirma.com/news/weekly-intelligence-report-25-july-2025",
        "https://app.any.run/tasks/02850584-6d40-4f6e-9fb8-57817d4d2453"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot",
            "BQTLock"
          ],
          "malware_families": [
            "Bqtlock",
            "Bqt"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 5,
  "pulses": [
    {
      "id": "69f32bff38251e177e78b526",
      "name": "EbeeApril2026 Pt7",
      "description": "Multiple APT/threat actors, Malware and Campaigns",
      "modified": "2026-05-30T10:03:42.474000",
      "created": "2026-04-30T10:16:31.340000",
      "tags": [
        "filehashsha256",
        "filehashsha1",
        "filehashmd5",
        "cve20243721 cve"
      ],
      "references": [
        "IOCs.2026.csv"
      ],
      "public": 1,
      "adversary": "GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 63,
        "CVE": 8,
        "FileHash-MD5": 216,
        "FileHash-SHA1": 220,
        "FileHash-SHA256": 246,
        "domain": 98,
        "hostname": 95
      },
      "indicator_count": 946,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 39,
      "modified_text": "11 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-SHA1",
      "related_indicator_is_active": 1
    },
    {
      "id": "69ead582c3aaefa43cff3cca",
      "name": "IOC - Detecting and responding to BQTLock ransomware with Wazuh | Wazuh",
      "description": "BQTLock is a ransomware strain that targets Windows endpoints; it encrypts files, appends the .bqtlock extension to them, and demands a ransom for their release.",
      "modified": "2026-04-24T02:29:22.743000",
      "created": "2026-04-24T02:29:22.743000",
      "tags": [
        "ifsid",
        "mitre",
        "description",
        "rule",
        "field",
        "wazuh",
        "bqtlock",
        "wazuh dashboard",
        "wazuh server",
        "click save",
        "click",
        "suspicious",
        "reload",
        "restart",
        "python",
        "error",
        "import",
        "download",
        "path",
        "powershell",
        "copy",
        "encrypt",
        "bqt"
      ],
      "references": [
        "https://wazuh.com/blog/detecting-and-responding-to-bqtlock-ransomware-with-wazuh/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "BQT",
          "display_name": "BQT",
          "target": null
        },
        {
          "id": "BQTLock",
          "display_name": "BQTLock",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1136",
          "name": "Create Account",
          "display_name": "T1136 - Create Account"
        },
        {
          "id": "T1490",
          "name": "Inhibit System Recovery",
          "display_name": "T1490 - Inhibit System Recovery"
        },
        {
          "id": "T1104",
          "name": "Multi-Stage Channels",
          "display_name": "T1104 - Multi-Stage Channels"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1204",
          "name": "User Execution",
          "display_name": "T1204 - User Execution"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "celestre",
        "id": "295357",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 35,
        "FileHash-SHA1": 35,
        "FileHash-SHA256": 35,
        "domain": 1,
        "hostname": 1
      },
      "indicator_count": 107,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 138,
      "modified_text": "36 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-SHA1",
      "related_indicator_is_active": 1
    },
    {
      "id": "6966ac946d3096303f63e362",
      "name": "pppppppppppppppppppppppppppppppppppppp",
      "description": "The full text of the full-text of all the Bitcoin transactions, which began on 1 January 2016, has now been published on the website of \u00a31.1bn-a-day.",
      "modified": "2026-02-12T20:00:34.248000",
      "created": "2026-01-13T20:35:32.047000",
      "tags": [
        "hashmd5",
        "hashsha1",
        "hashsha256",
        "ip address",
        "url http"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "vijay2752",
        "id": "368558",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 29,
        "FileHash-SHA1": 29,
        "FileHash-SHA256": 29,
        "domain": 1
      },
      "indicator_count": 88,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 20,
      "modified_text": "107 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-SHA1",
      "related_indicator_is_active": 1
    },
    {
      "id": "68935284a1ca835deb5f8640",
      "name": "BQTLock Ransomware",
      "description": "Also known as BaqiyatLock, this new threat actor, apparently offering its services as RaaS, has claimed two victims in July 2025.",
      "modified": "2025-11-28T15:07:07.663000",
      "created": "2025-08-06T13:02:59.640000",
      "tags": [
        "ransomware",
        "BQTLock",
        "BaqiyatLock"
      ],
      "references": [
        "https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bqtlock",
        "https://www.ransomware.live/group/bqtlock",
        "https://www.linkedin.com/pulse/ransomware-evolution-how-safepay-blackfl-bqtlock-rewriting-suvuf",
        "https://bazaar.abuse.ch/browse/tag/BQTLock",
        "https://www.cyfirma.com/news/weekly-intelligence-report-25-july-2025",
        "https://cybershafarat.com/2025/07/11/launch-of-our-cyber-tool-baqiyatlock-bqtlock-ransomware",
        "https://app.any.run/tasks/27302a4f-dc39-4370-adf5-47bbe84685af",
        "https://app.any.run/tasks/e16a8057-7a4f-4f48-833f-850797c91a0c",
        "https://app.any.run/tasks/dad06d54-8d41-482a-a7c3-a995581ad598",
        "https://app.any.run/tasks/2521fd0d-3100-45d6-8627-14a9a33ebd58",
        "https://app.any.run/tasks/2da5de92-18c1-4562-9185-415031905e2f",
        "https://app.any.run/tasks/8f7e512b-f736-48c1-8899-4eefdb97b555",
        "https://app.any.run/tasks/935d732a-ff5a-420d-ad3e-5ee013ae247f",
        "https://app.any.run/tasks/28adc2c0-037d-46e7-980d-4bf147044100",
        "https://app.any.run/tasks/90886c78-67bd-445a-808f-5c793c39521e",
        "https://app.any.run/tasks/17ae6b22-329e-41b2-8912-7a021ba4abc1",
        "https://app.any.run/tasks/347d4b7c-8625-404e-8e24-f402f927a47f",
        "https://app.any.run/tasks/8e1073a7-38d5-4b54-9c74-fb82db6f667b",
        "https://app.any.run/tasks/08de093c-9b6c-4494-8190-42e53809b5a7",
        "https://app.any.run/tasks/8f13fcda-23b9-45c7-b3c1-674eccb0de0f",
        "https://app.any.run/tasks/df4fd741-1f9a-46d7-924c-8e9dfd1bc742",
        "https://app.any.run/tasks/e7faa031-ae8b-4e74-ac48-f94ba30135ff",
        "https://app.any.run/tasks/02850584-6d40-4f6e-9fb8-57817d4d2453",
        "https://app.any.run/tasks/c4f321ec-2c12-4023-9529-4f592e81f25b",
        "https://app.any.run/tasks/2e81a090-2580-4aac-9918-fc38e388baf5"
      ],
      "public": 1,
      "adversary": "BQTLock",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 12,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ChinaPlate",
        "id": "354170",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 40,
        "FileHash-SHA1": 29,
        "FileHash-SHA256": 51,
        "domain": 1
      },
      "indicator_count": 121,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 31,
      "modified_text": "183 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-SHA1",
      "related_indicator_is_active": 1
    },
    {
      "id": "68ca7c6ff9c4dd6f2e41ea59",
      "name": "Dark Web Profile: BQTLock Ransomware.",
      "description": "BQTLock is a newly emerged Ransomware-as-a-Service (RaaS) that has rapidly gained notoriety for its aggressive operational tactics and sophisticated technical capabilities. Originating from the Middle East, the threat group behind BQTLock is led by Karim Fayad, who operates under aliases such as ZeroDayX and ZeroDayX1, with an associated member named Fuch0u. The group seems to engage with pro-Palestinian hacktivist organizations, leveraging social networks for mutual promotion and potentially collaboration.",
      "modified": "2025-10-17T09:04:36.507000",
      "created": "2025-09-17T09:16:31.415000",
      "tags": [
        "iocs",
        "ransom onion",
        "site https",
        "ta social",
        "networks https",
        "ta webpage",
        "bqtlock",
        "mail"
      ],
      "references": [
        "https://socradar.io/dark-web-profile-bqtlock-ransomware/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1490",
          "name": "Inhibit System Recovery",
          "display_name": "T1490 - Inhibit System Recovery"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1041",
          "name": "Exfiltration Over C2 Channel",
          "display_name": "T1041 - Exfiltration Over C2 Channel"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1555.003",
          "name": "Credentials from Web Browsers",
          "display_name": "T1555.003 - Credentials from Web Browsers"
        },
        {
          "id": "T1055.003",
          "name": "Thread Execution Hijacking",
          "display_name": "T1055.003 - Thread Execution Hijacking"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "PetrP.73",
        "id": "154605",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 29,
        "FileHash-SHA1": 29,
        "FileHash-SHA256": 29,
        "URL": 1,
        "domain": 3,
        "email": 1
      },
      "indicator_count": 92,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 541,
      "modified_text": "225 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-SHA1",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "84c7bfb0e243dd99b674e48701acab6b",
    "type": "Hash"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "84c7bfb0e243dd99b674e48701acab6b",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780177620.155232
}