CTI Weekly: EX-22 allows malware to spread in corporate networks

This week we reported on a new post-exploitation framework labelled EXFILTRATOR-22 (EX-22) that allows threat actors to spread ransomware in corporate networks.

EX-22 operates as a post-exploitation-framework-as-a-service model, where threat actors can purchase access to the platform for USD 1000 per month or USD 5000 for lifetime access.

The framework’s creators have been promoting EX-22 since November 2022, claiming to be superior to other post-exploitation toolkits because it is allegedly more difficult to detect. EX-22 creators first created a Telegram channel to advertise the malware to potential users before creating a YouTube channel featuring multiple demonstration videos.

Subscribe below to read why EX–22 matters and to discover other significant cyber criminals, nation-state and hacktivist news.