Please make sure you use proper security steps such as sandbox and isolated environment.
The origin of the leaked files is unknown and was not inspected for booby traps etc.
This file was uploaded for research and defense purpose only. If you plan to use this for malicious reasons you suck.
If you are creating any signatures such as Yara and Snort please share back with the community.
|Today the account “لب دوختگان||Lab Dookhtegan||Read My Lips” have released a new leak of a tool called “Json”.|
As claimed by the account, the tool is used for stealing email accounts and passwords from MOIS victims.
The tool has been uploaded to Virustotal quickly after its released in the telegram channel and has 0 detection rate at the time although compiled in 2015.
The tool seems to be a relativly simple bruteforce attacker against online exchange services:
As usual you can download the leak from the following link