100 Days of YARA – Day 34: TinyMet

TinyMet is a small meterpreter stager, written in C++: https://github.com/SherifEldeeb/TinyMet

I have encountered this malware used in intrusions as well as at attack/defend CTFs.

rule tinymet
{
	meta:
		description = "https://github.com/SherifEldeeb/TinyMet"

	strings:
		$a = "tinymet.com"
		$b = "TinyMet"
		$c = "Available transports are as follows:"

	condition:
		// match only when all three strings ($a, $b and $c) are present
		all of them
}
