100 Days of YARA – Day 38: pupy

Pupy is yet another open-source RAT/C2 framework. Pupy is a cross-platform, multi-function RAT and post-exploitation tool written mainly in Python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple transports, migrate into processes using reflective injection, and load remote Python code, Python packages and Python C-extensions …


100 Days of YARA – Day 35: nanomet

nanomet is another meterpreter stager, similar to TinyMet, written in C: https://github.com/kost/nanomet

I have encountered this malware in real-life intrusions and at attack/defend CTFs.

    rule nanomet
    {
        meta:
            description = "https://github.com/kost/nanomet"
        strings:
            $a = "github.com/kost/nanomet"
            $b = "nanomet.exe"
            $c = "Available transports are as follows:"
        condition:
            all of them
    }