Jason Email Hacking Tool Leaked Online
The source code for a new hacking tool named Jason, allegedly used by the OilRig advanced persistent threat group (also known as APT34), has been leaked online.
Jason is used to perform brute force attacks against Microsoft Exchange email servers using pre-compiled lists of usernames and passwords and is controlled by a simple user interface.
The tool works is used by threat actors to carry out brute-force attacks using a dictionary of password samples and four text files containing numerical patterns.
Since the source code has become publicly available, it is possible attackers may incorporate Jason into their campaigns or malware.
VirusTotal details here
MD5 172c004ec5ecac3c4b13336200c693e4
SHA-1 1cd310cb0293e21374e3dc01607a09106f2d1d74
SHA256 9762444b94fa6cc5a25c79c487bbf97e007cb680118afeab0f5643d211fa3f78
Authentihash 1651490ce86d52842c6f22fd42804563b7765a126ff3a5ff5764deeff97df67b
Imphash f34d5f2d4577ed6d9ceec516c1f5a744
SSDEEP 768:7Nrk2kg7hdEpIJW/v+4dymaUM6v3dgmBTajWhVsBEVsB7:xfh+IJW/v+4lM6v35NajGsBEsB7
File type Win32 EXE
Magic PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
File size 46.5 KB (47616 bytes)
Affected Platforms
- Microsoft Exchange Server – All versions
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.