100 Days of YARA – Day 35: nanomet

On January 23, 2022December 31, 2021 By DanielIn 100 days of Yara

nanomet is another meterpreter stager, similar to TinyMet, written in C: https://github.com/kost/nanomet

I have encountered this malware in real-life intrusions and at attack/defend CTFs.

rule nanomet
{
	meta:
		description = "https://github.com/kost/nanomet"

	strings:
		$a = "github.com/kost/nanomet"
		$b = "nanomet.exe"
		$c = "Available transports are as follows:"

	condition:
		all of them
}

YARA Rules Index

One thought on “100 Days of YARA – Day 35: nanomet”

Pingback: Week 05 – 2022 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Share this:

Like this:

One thought on “100 Days of YARA – Day 35: nanomet”

Leave a Reply Cancel reply