A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged with the goal of deploying ransomware inside corporate networks while flying under the radar.
CYFIRMA says in a new report, "The breadth of functionality makes post-exploitation work straightforward for anyone who purchases this tool."
Notable features include establishing a reverse shell with elevated privileges, uploading and downloading files, logging keystrokes, launching ransomware to encrypt files, and live VNC (Virtual Network Computing) for real-time access.
It also has the ability to survive system reboots, perform lateral movement via a worm component, view running processes, generate cryptographic hashes of files, and extract authentication tokens.
The cybersecurity firm assessed with moderate confidence that the threat actors involved in creating the malware operate from North, East, or Southeast Asia and are likely former affiliates of the LockBit ransomware operation.
Advertised as fully undetectable malware on Telegram and YouTube, EX-22 is offered for $1,000 per month or $5,000 for lifetime access. Criminals who buy the toolkit are provided with a login panel to access the EX-22 server and remotely control the malware.
Since its first appearance on November 27, 2022, the malware author has continued to add new features to the toolkit, indicating active development.
The connection to LockBit 3.0 stems from overlaps in technique and infrastructure, with both malware families using the same domain fronting mechanism to hide command-and-control (C2) traffic. Domain fronting works by placing a benign, high-reputation hostname in the TLS SNI field while the encrypted HTTP Host header names the attacker's real backend behind the same CDN, so network controls that only see the SNI believe the traffic is bound for the legitimate site.
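The practical detection for domain fronting, regardless of which framework uses it, is to compare the TLS SNI against the HTTP Host header wherever traffic is decrypted (a TLS-inspecting proxy or web gateway) and flag connections where the two name different hosts. The following Python is an added example written for this page, not code from the article or from the CYFIRMA report; it assumes a hypothetical proxy log format with one JSON record per connection carrying `sni`, `host`, `src`, `dst` and `ts` fields, and the sample records are constructed for illustration (the CDN and backend hostnames are placeholders, not EX-22 or LockBit infrastructure).

```python
import json

# Constructed sample proxy log lines (not real traffic): one JSON record per
# TLS connection, with the SNI seen in the ClientHello and the Host header
# observed after decryption. The second record is the fronting pattern:
# benign CDN hostname in the SNI, a different backend in the Host header.
SAMPLE_LOGS = [
    '{"ts": "2023-02-28T10:00:01Z", "src": "10.0.0.12", "dst": "203.0.113.10", '
    '"sni": "assets.example-cdn.net", "host": "assets.example-cdn.net"}',
    '{"ts": "2023-02-28T10:00:07Z", "src": "10.0.0.12", "dst": "203.0.113.10", '
    '"sni": "assets.example-cdn.net", "host": "c2-backend.example.org"}',
    '{"ts": "2023-02-28T10:00:09Z", "src": "10.0.0.33", "dst": "198.51.100.7", '
    '"sni": "WWW.Example.COM.", "host": "www.example.com:443"}',
    '{"ts": "2023-02-28T10:00:15Z", "src": "10.0.0.33", "dst": "198.51.100.7", '
    '"sni": "", "host": "www.example.com"}',
    'not json at all',
]


def normalize_host(name):
    """Lowercase, drop a trailing dot and any :port so that
    'WWW.Example.COM.' and 'www.example.com:443' compare equal.
    Without this step case and port differences produce false alerts."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("["):            # bracketed IPv6 literal, keep as-is
        name = name.split("]", 1)[0] + "]"
    elif name.count(":") == 1:          # host:port
        name = name.split(":", 1)[0]
    return name


def find_fronting(lines, allowlist=frozenset()):
    """Return (alerts, stats).

    An alert is any record whose TLS SNI and HTTP Host header name different
    hosts, the observable signature of domain fronting. `allowlist` holds
    (sni, host) pairs that are known to mismatch for legitimate reasons
    (normalized form), so known-good CDN quirks can be suppressed.
    """
    alerts = []
    stats = {"records": 0, "malformed": 0, "no_sni": 0}
    for line in lines:
        try:
            rec = json.loads(line)
            sni, host = rec["sni"], rec["host"]
        except (ValueError, KeyError, TypeError):
            stats["malformed"] += 1       # unparsable or incomplete record
            continue
        stats["records"] += 1
        sni_n, host_n = normalize_host(sni), normalize_host(host)
        if not sni_n:
            # A missing SNI is a different, weaker signal; count it but do not
            # call it fronting, since there is nothing to compare the Host to.
            stats["no_sni"] += 1
            continue
        if sni_n != host_n and (sni_n, host_n) not in allowlist:
            alerts.append({"ts": rec.get("ts"), "src": rec.get("src"),
                           "dst": rec.get("dst"), "sni": sni_n, "host": host_n})
    return alerts, stats


if __name__ == "__main__":
    found, summary = find_fronting(SAMPLE_LOGS)
    for a in found:
        print(f"{a['ts']} {a['src']} -> {a['dst']}: SNI {a['sni']} but Host {a['host']}")
    print(summary)
```

Run against the constructed sample, only the second record is flagged: the third is a harmless case/port difference that normalization absorbs, the fourth has no SNI and is counted separately, and the malformed line is counted rather than silently dropped. In a real deployment the allowlist needs populating from observed legitimate CDN behaviour, and the check only works at a point where TLS is terminated; SNI-only telemetry cannot see the Host header, which is exactly why the technique hides C2 from perimeter filtering.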
The post-exploitation-framework-as-a-service (PEFaaS) model is the latest tool available to attackers looking to maintain covert access to compromised devices over time.
It joins other frameworks such as Manjusaka and Alchimist, as well as legitimate commercial and open source alternatives such as Cobalt Strike, Metasploit, Sliver, Empire, Brute Ratel, and Havoc that have been adopted for malicious purposes.