GroupProfiles: Warlock.md
Resource from the BushidoUK Ransomware Tool Matrix - GroupProfiles.
# Warlock's Tools
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| Everything.exe | Radmin | Antiy System In-Depth Analysis Toolkit driver (BYOVD) | Mimikatz | Cobalt Strike | Azure Blob Storage | Minidump | RClone |
| SecurityCheck | TightVNC | NsecSoft driver (BYOVD) | Veeam-Get-Creds | Velociraptor | Catbox[.]moe | Msiexec | |
| | | Rising Antivirus driver (BYOVD) | | Impacket | Cloudflared | PsExec | |
| | | VMTools AV Killer (BYOVD) | | | OpenSSH | PowerShell Remoting (PSRemoting) | |
| | | | | | MinIO | RDP Patcher | |
| | | | | | Supabase | | |
| | | | | | VS Code Tunnel | | |
| | | | | | Yuze | | |
> [!NOTE]
> This is the list of tools that have been observed during various intrusions that led to Warlock's ransomware deployment.
#### Sources
| Date Published | Report |
|---|---|
| 16 March 2026 | https://www.trendmicro.com/en_us/research/26/c/dissecting-a-warlock-attack.html |
| 11 December 2025 | https://www.sophos.com/en-us/blog/gold-salem-tradecraft-for-deploying-warlock-ransomware |
| 9 October 2025 | https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/ |