Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Warlock

The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is also known to have deployed LockBit ransomware. There's also a crossover between victims with Black Basta. Both are RaaS and have a long list of known and unknown affiliates. Having said that, this is possibly an affiliate (likely a cybergroup) of both of those groups. The Alliance & Association would technically be Encryptor Sharing, but this is realistically more of an "Old Affiliate" that created their own ransomware encryptor and operation.
Extension(s): .x2anylock

Victims
78
 
First Discovered
2025-06-11
victim
Last Discovered
2025-11-06
victim
Inactive Since
151
days
Avg Delay
26.6
days
Infostealer
32.7%
victims with domain

View Victims on World Map

View group statistics

Known Locations (4)
Favicon Title Type Available Last Visit Server Info FQDN
favicon Warlock Client Leaked Data Show No 2025-07-11 05:30:13 elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion
favicon WarLock Client Data Leak Show No 2026-02-22 15:30:23 zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion
favicon No 2026-03-25 08:01:17 ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion
favicon WarLock Client Data Leak Show Yes 2026-04-06 14:31:35 warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion
Target (Available)
Top 5 Activity Sectors
  • Technology 20
  • Financial Services 3
  • Telecommunication 3
  • Agriculture and Food Production 2
  • Manufacturing 2
Top 5 Countries
  • US flag United States 12
  • JP flag Japan 5
  • RU flag Russian Federation 5
  • GB flag United Kingdom 4
  • TR flag Türkiye 2
Heatmap (Available)
Ransom Notes (2)
Tools Used (Available)
This information is provided by Ransomware-Tool-Matrix
Discovery RMM Tools Defense Evasion Credential Theft OffSec Networking LOLBAS Exfiltration
SecurityCheck
Radmin
VMTools AV Killer (BYOVD)
Mimikatz
Veeam-Get-Creds
Velociraptor
Cloudflared
OpenSSH
MinIO
VS Code Tunnel
Minidump
Vulnerabilities Exploited (0)

No vulnerabilities exploited available.

TTPs Matrix (0)

No TTPs available.

Negotiation Chats (0)

No negotiation chats available.

YARA Rules (0)

No YARA rules available.

Indicators of Compromise (IoCs) (4)
SHA256 1 TOX 3
Type IOC
sha256 da8de7257c6897d2220cdf9d4755b15aeb38715807e3665716d2ee761c266fdb
tox 3DCE1C43491FC92EA7010322040B254FDD2731001C2DDC2B9E819F0C946BDC3CD251FA3B694A
tox 84490152E99B9EC4BCFE16080AFCFD6FDCD87512027E85DB318F7B3440982637FC2847F71685
tox F79A71AD8BB2E3E7EDFC38970FDC05E922E429B5DFC325C7D0E91F216DE8F3537C1A1C97F197
Victims (78)
Logo
energogroup.net RU
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
goldenline.com PL
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
bengineered.com.au AU
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
mnpease.ca CA
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
metro.local
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
cybervector.co.uk GB
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
fabrity.local
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
miltech.local
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
mytune.me
Warlock
Discovered: 2025-11-06  ·  Attack est.: 2025-11-01
No description provided.…
Logo
atg.cz CZ
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
tein.co.jp JP
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
bel.quadra.ru RU
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
ippm.org
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
sf.walltopia.com US
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
nartis.ru RU
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
alphasys.bo BO
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
silanosn.local
Warlock
Discovered: 2025-11-06
No description provided.…
Logo
siball.net RU
Warlock
Discovered: 2025-09-23
all data…
Logo
chroma.com.tw TW
Warlock
Discovered: 2025-09-16
all data…
Logo
ferus-smit.home
Warlock
Discovered: 2025-09-16
all data…
Logo
jubileelife.com PK
Warlock
Discovered: 2025-09-16
all data…
Logo
kmssa.net SA
Warlock
Discovered: 2025-09-16
all data…
Logo
webville.net
Warlock
Discovered: 2025-09-16
all data…
Logo
elssurveying.com US
Warlock
Discovered: 2025-09-16
all data…
Logo
medkar.com TR
Warlock
Discovered: 2025-09-16
all data…
Logo
okan.ru RU
Warlock
Discovered: 2025-09-08
finance data…
Logo
mffood.com DK
Warlock
Discovered: 2025-09-01
300G data…
Logo
gmpc.com
Warlock
Discovered: 2025-09-01
No description provided.…
Logo
airfastindonesia.com ID
Warlock
Discovered: 2025-08-25
all user data…
Logo
infoniqa.com AT
Warlock
Discovered: 2025-08-18
165g data, including internal documents, financial documents, employee information, CRM database, HR…
Logo
gmtaconline PH
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
woodboure
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
STRGOME
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
argeninta
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
houra FR
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
houxt GB
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
getdomain DK
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-04
The data has been bought by other buyers (not victims)…
Logo
kipl IN
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-06-25
The customer has not paid, and there are no other buyers within the validity period, please enjoy yo…
Logo
nszi
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-06-25
The customer has not paid, and there are no other buyers within the validity period, please enjoy yo…
Logo
accsnet.com JP
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
all data…
Logo
advion.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
all data…
Logo
mysecop.com
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-07-29
all data…
Logo
atcmanufacturing
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
all data…
Logo
orange.com FR
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
This is only a part of the files and file list. The full set of files needs to be purchased separate…
Logo
anthembio.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
all data…
Logo
syspro.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
all data…
Logo
brightwork.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-09
[AI generated] BrightWork.com is a project management software company that provides solutions for t…
Logo
starsalliance.com
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-06
The data has been purchased by other buyers…
Logo
sipecom.com EC
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-06
all data…
Logo
wytechnology.local
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-07
The data has been purchased by other buyers…
Logo
webcids.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-08
all data…
Logo
rougine-mfg.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-08
all data…
Logo
magcpa.com US
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-14
all data…
Logo
wfd2027uae.ae AE
Warlock
Discovered: 2025-08-17  ·  Attack est.: 2025-08-15
all data…
Logo
tagorg.com JO
Warlock
Discovered: 2025-08-17
all data…
Logo
hitachi-hta.com JP
Warlock
Discovered: 2025-08-17
all data…
Logo
primrose.com GB
Warlock
Discovered: 2025-08-17
all data…
Logo
clearybuilding.us US
Warlock
Discovered: 2025-08-17
all data…
Logo
colt.net GB
Warlock
Discovered: 2025-08-17
1 million documents,The full set of files needs to be purchased separately.…
Logo
currimjee MU
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-05-02
[AI generated] Currimjee Group is a Mauritian company engaged in diversified sectors since 1890. Its…
Logo
via-optronics DE
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-05-02
[AI generated] Via Optronics is a global technology company that specializes in the production of in…
Logo
iberol ES
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-10
[AI generated] N/A…
Logo
eira-group FI
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-10
[AI generated] N/A…
Logo
KMMP JP
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-28
[AI generated] N/A…
Logo
nipponindiaim IN
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-30
[AI generated] Nippon India Mutual Fund (NIMF), previously known as Reliance Mutual Fund, is one of …
Logo
unilever NL
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-15
[AI generated] Unilever is a multinational corporation that sells branded consumer goods. Founded in…
Logo
Ersar
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-04
[AI generated] N/A…
Logo
NCVOO BM
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-04
[AI generated] N/A…
Logo
BTHK HK
Warlock
Discovered: 2025-06-11  ·  Attack est.: 2025-04-02
All data…
Logo
lactanet CA
Warlock
Discovered: 2025-06-11
[AI generated] Lactanet is an agricultural company that provides critical information and innovative…
Logo
ssi-mi JP
Warlock
Discovered: 2025-06-11
[AI generated] N/A…
Logo
dad
Warlock
Discovered: 2025-06-11
[AI generated] N/A…
Logo
astronika PL
Warlock
Discovered: 2025-06-11
[AI generated] Astronika is a Polish company that specializes in high-tech engineering solutions, wi…
Logo
sras
Warlock
Discovered: 2025-06-11
[AI generated] N/A…
Logo
icidesi TR
Warlock
Discovered: 2025-06-11
[AI generated] N/A…
Logo
taos US
Warlock
Discovered: 2025-06-11
[AI generated] Taos is a technology services and consulting firm that specializes in cloud, DevOps, …
Logo
carducci
Warlock
Discovered: 2025-06-11
[AI generated] Carducci is an esteemed fashion brand hailing from Cape Town, South Africa. Founded i…
Logo
Arch-con US
Warlock
Discovered: 2025-06-11
[AI generated] Arch-Con Corporation is a commercial construction company based in Houston, Texas. Th…