A new post-exploitation framework called EXFILTRATOR-22 (aka EX-22) has emerged in the wild with the goal of deploying ransomware in enterprise networks while flying under the radar.
“It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool,” CYFIRMA said in a new report.
Some of the notable features include establishing a reverse shell with elevated privileges, uploading and downloading files, logging keystrokes, launching ransomware to encrypt files, and starting a live VNC (Virtual Network Computing) session for real-time access.
It is also equipped to persist after system reboots, perform lateral movement via a worm, view running processes, generate cryptographic hashes of files, and extract authentication tokens.
The cybersecurity firm assessed with moderate confidence that the threat actors responsible for developing the malware are operating from North, East, or Southeast Asia and are likely former affiliates of the LockBit ransomware.
Advertised as fully undetectable malware on Telegram and YouTube, EX-22 is offered for $1,000 a month or $5,000 for lifetime access. Criminal actors purchasing the toolkit are given a login panel to access the EX-22 server and remotely control the malware.
Since its first appearance on November 27, 2022, the malware authors have continuously iterated on the toolkit with new features, indicating active development work.
The connections to LockBit 3.0 arise from technical and infrastructure overlaps, with both malware families employing the same domain fronting mechanism for hiding command-and-control (C2) traffic.
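Domain fronting hides C2 traffic by naming a reputable CDN host in the TLS SNI while the HTTP Host header inside the encrypted session points at the real backend. One defender-side check, shown here as an added example that is not from the article or from CYFIRMA's report, is to compare SNI and Host in the logs of a TLS-inspecting proxy and flag records where they disagree. The proxy logs can only be checked this way where TLS is decrypted at the proxy, since the Host header is otherwise invisible; the hostnames, IPs and `ProxyRecord` shape below are constructed for illustration and are not indicators from the report, and `registrable_domain` is a deliberately crude eTLD+1 approximation to suppress the common benign case of two hostnames of one CDN.

```python
# Added example: flag possible domain fronting by comparing the TLS SNI with
# the HTTP Host header in TLS-inspecting proxy logs. All records below are
# constructed; none of the names or addresses are real indicators.
from dataclasses import dataclass


@dataclass
class ProxyRecord:
    src_ip: str
    sni: str      # server name from the TLS ClientHello
    host: str     # Host header seen by the proxy after TLS inspection
    dst_ip: str


# Constructed sample records (hypothetical hosts and IPs).
SAMPLE_RECORDS = [
    ProxyRecord("10.0.0.5", "cdn.example-cloud.test", "cdn.example-cloud.test", "203.0.113.10"),
    # SNI names the CDN, Host names an unrelated backend: fronting-shaped.
    ProxyRecord("10.0.0.7", "cdn.example-cloud.test", "backend.example-c2.test", "203.0.113.10"),
    ProxyRecord("10.0.0.9", "www.example.test", "www.example.test", "198.51.100.4"),
    # Different hostnames under the same CDN domain: usually benign.
    ProxyRecord("10.0.0.9", "static.example-cloud.test", "assets.example-cloud.test", "203.0.113.11"),
]


def registrable_domain(name: str) -> str:
    """Crude eTLD+1 approximation: the last two DNS labels.

    Good enough for the constructed sample; a real deployment would use the
    Public Suffix List instead.
    """
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def find_fronting_candidates(records, allow_same_domain=True):
    """Return records whose SNI and Host header disagree.

    With allow_same_domain=True a mismatch is tolerated when both names share
    a registrable domain, which removes a common benign cause of differences.
    """
    hits = []
    for r in records:
        sni = r.sni.lower().rstrip(".")
        host = r.host.lower().rstrip(".")
        if sni == host:
            continue
        if allow_same_domain and registrable_domain(sni) == registrable_domain(host):
            continue
        hits.append(r)
    return hits


def summarize(records):
    """Count mismatches per source IP so a repeatedly fronting host stands out."""
    counts = {}
    for r in find_fronting_candidates(records):
        counts[r.src_ip] = counts.get(r.src_ip, 0) + 1
    return counts


if __name__ == "__main__":
    for r in find_fronting_candidates(SAMPLE_RECORDS):
        print(f"possible fronting: {r.src_ip} SNI={r.sni} Host={r.host}")
    print(summarize(SAMPLE_RECORDS))
```

Run on the constructed records, only the `10.0.0.7` session is flagged; the `static`/`assets` pair is suppressed by the same-domain rule, and disabling that rule (`allow_same_domain=False`) surfaces it too. A mismatch is a lead rather than a verdict: legitimate CDN setups also produce SNI/Host differences, so the per-source counts are what make a persistent beacon stand out.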
The post-exploitation-framework-as-a-service (PEFaaS) model is the latest tool available to adversaries looking to maintain covert access to compromised devices over an extended period of time.
It also joins other frameworks like Manjusaka and Alchimist, as well as legitimate and open source alternatives such as Cobalt Strike, Metasploit, Sliver, Empire, Brute Ratel, and Havoc, that have been co-opted for malicious ends.
Some parts of this article are sourced from:
thehackernews.com