{ "type": "URL", "indicator": "https://guns.lol/zerodayx", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://guns.lol/zerodayx", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4131633660, "indicator": "https://guns.lol/zerodayx", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "68ca7c6ff9c4dd6f2e41ea59", "name": "Dark Web Profile: BQTLock Ransomware.", "description": "BQTLock is a newly emerged Ransomware-as-a-Service (RaaS) that has rapidly gained notoriety for its aggressive operational tactics and sophisticated technical capabilities. Originating from the Middle East, the threat group behind BQTLock is led by Karim Fayad, who operates under aliases such as ZeroDayX and ZeroDayX1, with an associated member named Fuch0u. The group seems to engage with pro-Palestinian hacktivist organizations, leveraging social networks for mutual promotion and potentially collaboration.", "modified": "2025-10-17T09:04:36.507000", "created": "2025-09-17T09:16:31.415000", "tags": [ "iocs", "ransom onion", "site https", "ta social", "networks https", "ta webpage", "bqtlock", "mail" ], "references": [ "https://socradar.io/dark-web-profile-bqtlock-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" }, { "id": "T1055.003", "name": "Thread Execution Hijacking", "display_name": "T1055.003 - Thread Execution Hijacking" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 29, "FileHash-SHA256": 29, "URL": 1, "domain": 3, "email": 1 }, "indicator_count": 92, "is_author": false, "is_subscribing": null, "subscriber_count": 541, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://socradar.io/dark-web-profile-bqtlock-ransomware/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 94 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/guns.lol", "whois": "http://whois.domaintools.com/guns.lol", "domain": "guns.lol", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "68ca7c6ff9c4dd6f2e41ea59", "name": "Dark Web Profile: BQTLock Ransomware.", "description": "BQTLock is a newly emerged Ransomware-as-a-Service (RaaS) that has rapidly gained notoriety for its aggressive operational tactics and sophisticated technical capabilities. Originating from the Middle East, the threat group behind BQTLock is led by Karim Fayad, who operates under aliases such as ZeroDayX and ZeroDayX1, with an associated member named Fuch0u. The group seems to engage with pro-Palestinian hacktivist organizations, leveraging social networks for mutual promotion and potentially collaboration.", "modified": "2025-10-17T09:04:36.507000", "created": "2025-09-17T09:16:31.415000", "tags": [ "iocs", "ransom onion", "site https", "ta social", "networks https", "ta webpage", "bqtlock", "mail" ], "references": [ "https://socradar.io/dark-web-profile-bqtlock-ransomware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" }, { "id": "T1055.003", "name": "Thread Execution Hijacking", "display_name": "T1055.003 - Thread Execution Hijacking" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 29, "FileHash-SHA256": 29, "URL": 1, "domain": 3, "email": 1 }, "indicator_count": 92, "is_author": false, "is_subscribing": null, "subscriber_count": 541, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://guns.lol/zerodayx", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://guns.lol/zerodayx", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780258700.4810424 }