Friday 3rd March 2023

CTI Weekly: EX-22 allows malware to spread in corporate networks

This week we reported on a new post-exploitation framework labelled EXFILTRATOR-22 (EX-22) that allows threat actors to spread ransomware in corporate networks.

EX-22 operates as a post-exploitation-framework-as-a-service model, where threat actors can purchase access to the platform for USD 1000 per month or USD 5000 for lifetime access.

The framework’s creators have been promoting EX-22 since November 2022, claiming to be superior to other post-exploitation toolkits because it is allegedly more difficult to detect. EX-22 creators first created a Telegram channel to advertise the malware to potential users before creating a YouTube channel featuring multiple demonstration videos.


Subscribe below to read why EX22 matters and to discover other significant cyber criminals, nation-state and hacktivist news.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.