Group Profile: WarLock
Ransomware group profile according to the BushidoUK Ransomware Vulnerability Matrix. Includes known vulnerabilities, tools, and associated TTPs.
WarLock's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities observed during intrusions that led to WarLock ransomware deployment, or to data exfiltration and leaks published on WarLock's Tor site.
SmarterTools
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SmarterMail | CVE-2026-23760 | Storm-2603 (Warlock) | reliaquest.com |
SolarWinds
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SolarWinds Web Help Desk | CVE-2025-40551 | Storm-2603 (Warlock) | linkedin.com |
CentreStack
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Gladinet CentreStack | CVE-2025-14611 | Storm-2603 (Warlock) | linkedin.com |
MS Server Products
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SharePoint Server | CVE-2025-49706, CVE-2025-49704 ("ToolShell") | Storm-2603 (Warlock) | microsoft.com |
---
#### Sources
| Date Published | Report |
|---|---|
| 9 February 2026 | https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware/ |
| 10 February 2026 | https://www.linkedin.com/pulse/pulling-back-curtain-warlocks-next-act-blacklotuslabs-lduze/ |
| 22 July 2025 | https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#storm-2603 |