As reported by Catalin Climpanu today some of the tools used by OilRig attack group have been leaked by a persona using the “Lab Dookhtegan pseudonym”. You can read the full article in the link here.

I have uploaded the full leak and tools as published on Lab Dookhtegan Telegram Chanel and can be downloaded here.

Please make sure you use proper security steps such as sandbox and isolated environment.
The origin of the leaked files is unknown and was not inspected for booby traps etc.

This file was uploaded for research and defense purpose only. If you plan to use this for malicious reasons you suck.

Pass: vJrqJeJo2n005FF*

If you are creating any signatures such as Yara and Snort please share back with the community.

Happy Researching

Update 03/06/2019

Today the account “لب دوختگان

Lab Dookhtegan

Read My Lips” have released a new leak of a tool called “Json”.

Untitled

As claimed by the account, the tool is used for stealing email accounts and passwords from MOIS victims.

The tool has been uploaded to Virustotal quickly after its released in the telegram channel and has 0 detection rate at the time although compiled in 2015.
Annotation-2019-06-03-143552

The tool seems to be a relativly simple bruteforce attacker against online exchange services:
Annotation-2019-06-03-151144

As usual you can download the leak from the following link
Pass: riskymalware