New Post-Exploitation Exfiltrator-22 Ransomware Framework Designed to Evade Detection

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

A new post-exploitation framework called EXFILTRATOR-22 a.k.a. EX-22 appears to have been created by a group operating in North, East, or South-East Asia. The group is skilled in defense evasion and anti-analysis techniques and is utilizing leaked source code to develop its own framework, which is being marketed as fully undetectable by every antivirus and endpoint detection and response vendor. The framework is being sold as a subscription-based service, with lifetime access costing $5,000 and per month $1000.