
Threat Actor Characterization

BAQIYAT BOTNET

ID: 0e765fc626d781204c85098a345f61cc33492
Crimeware Botnet
Threat types: Botnet
Iran ISR, ARE, USA
Updated: 2026-04-16
Created: 2026-01-26
Progress: 90% Completeness: 85% Freshness: 100%
Operation zone: Israel, United Arab Emirates, United States
Aliases (limited preview):
BQTnet 313 BQTnet313
MITRE ATT&CK®

Technique | Technique name | Tactics | Evidence
T1583.001 | Domains | TA0042 | 2025-07-19 — INFERENCE (confidence: medium): BQT ecosystem uses dedicated leak and coordination infrastructure for operations and victim management.
T1595 | Active Scanning | TA0043 | 2025-07-19 — BQTscanner channel naming strongly indicates scanning as a support function for victim discovery or validation.
T1587.001 | Malware | TA0042 | 2025-07-19 — Public reporting ties the ecosystem directly to BQTLock ransomware development or operation.
T1486 | Data Encrypted for Impact | TA0040 | 2025-07-19 — BQTLock is a ransomware platform using data encryption for impact and extortion.

Strategic Intelligence
Last updated: 2026-04-16T02:56:48+00:00

BAQIYAT BOTNET

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Category: Crimeware / Botnet-scanner ecosystem

Origin: Likely Middle East-linked operator set

Author: iQBlack CTI Team


Executive Summary

BAQIYAT BOTNET is best assessed as a functional crimeware and infrastructure ecosystem tied to Baqiyat 313 Locker / BQTLock rather than a fully separate actor brand. Public reporting points to companion Telegram channels for scanning, OSINT and RaaS operations, suggesting a modular support stack used for victim acquisition, operational coordination and ransomware enablement.


Public reporting indicates that this actor or brand matters less because of bespoke technical sophistication than because of its position inside a wider mobilization, propaganda, ransomware, or coalition ecosystem.

Executive Analyst Brief for CISO

Executive Analyst Brief for CISO — BAQIYAT BOTNET

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Hunting Playbook

Hunting Playbook — BAQIYAT BOTNET


IOC Appendix
Last updated: 2026-04-16T02:59:11+00:00

IOC Appendix — BAQIYAT BOTNET

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

OSINT Library
Last saved: 2026-04-16T02:59:55+00:00

OSINT Library — BAQIYAT BOTNET


2025-06-12 — Outpost24 — “zerodayx1: Hacktivist groups turning to ransomware operations”

Social Media & Communication
SOCMINT integrated: 0/1

Address | Verification | SOCMINT
t.me/BQT*** | Restricted | Not integrated
Notes: preview mode hides sensitive social/contact details.