Update third-party rules as of 2024-12-24 (#737)

Co-authored-by: Update third-party rules <41898282+github-actions[bot]@users.noreply.github.com>
chainguard-dev · Dec 24, 2024 · 0dbd3ac · 0dbd3ac
1 parent f658e86
commit 0dbd3ac
Show file tree

Hide file tree

Showing 15 changed files with 42,746 additions and 18,996 deletions.
diff --git a/tests/linux/2021.XMR-Stak/1b1a56.elf.simple b/tests/linux/2021.XMR-Stak/1b1a56.elf.simple
@@ -1,6 +1,7 @@
 # linux/2021.XMR-Stak/1b1a56.elf: critical
 3P/TTC-CERT/kittipongk_cryptominer_xmr: high
 3P/elastic/cryptominer_stak: critical
+3P/sekoia/miner_lin_xmrig: critical
 c2/addr/http_dynamic: medium
 c2/addr/ip: medium
 c2/addr/url: low

diff --git a/tests/linux/2022.bpfdoor/bpfdoor_1.simple b/tests/linux/2022.bpfdoor/bpfdoor_1.simple
@@ -1,5 +1,6 @@
 # linux/2022.bpfdoor/bpfdoor_1: critical
 3P/elastic/bpfdoor: critical
+3P/sekoia/backdoor_lin_bpfdoor: critical
 3P/sig_base/redmenshen_bpfdoor: critical
 data/random/insecure: low
 exec/program: medium

diff --git a/tests/linux/2024.Gelsemium/dbus.simple b/tests/linux/2024.Gelsemium/dbus.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/dbus: critical
+3P/sekoia/gelsemium_firewood_backdoor: critical
 anti-static/elf/multiple: medium
 crypto/decrypt: low
 crypto/encrypt: medium

diff --git a/tests/linux/2024.Gelsemium/kde.simple b/tests/linux/2024.Gelsemium/kde.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/kde: critical
+3P/sekoia/gelsemium_wolfsbane_launcher: critical
 crypto/rc4: low
 discover/process/name: medium
 evasion/file/location/dev_shm: high

diff --git a/tests/linux/2024.Gelsemium/libselinux.so.simple b/tests/linux/2024.Gelsemium/libselinux.so.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/libselinux.so: critical
+3P/sekoia/gelsemium_wolfsbane_rootkit: critical
 anti-static/obfuscation/hidden_literals: medium
 anti-static/xor/commands: high
 anti-static/xor/paths: high

diff --git a/tests/linux/2024.Gelsemium/udevd.simple b/tests/linux/2024.Gelsemium/udevd.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/udevd: critical
+3P/sekoia/gelsemium_wolfsbane_backdoor: critical
 anti-static/elf/multiple: medium
 c2/addr/ip: medium
 c2/addr/url: low

diff --git a/tests/linux/2024.Gelsemium/udevd_multi.simple b/tests/linux/2024.Gelsemium/udevd_multi.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/udevd_multi: critical
+3P/sekoia/gelsemium_wolfsbane_backdoor: critical
 anti-static/elf/multiple: medium
 c2/addr/ip: medium
 c2/addr/url: low

diff --git a/tests/linux/2024.chisel/crondx.simple b/tests/linux/2024.chisel/crondx.simple
@@ -1,4 +1,5 @@
 # linux/2024.chisel/crondx: critical
+3P/sekoia/chisel_strings: critical
 c2/addr/ip: high
 c2/addr/url: low
 c2/tool_transfer/arch: low

diff --git a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff
diff --git a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff
diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.dylib.simple b/tests/macOS/2023.3CX/libffmpeg.dirty.dylib.simple
@@ -1,6 +1,9 @@
 # macOS/2023.3CX/libffmpeg.dirty.dylib: critical
+3P/sekoia/downloader_smooth_operator: critical
 3P/sig_base/3cxdesktopapp_backdoor: critical
 3P/sig_base/nk_3cx_dylib: critical
+3P/sig_base/susp_xored_mozilla: critical
+3P/volexity/iconic: critical
 anti-static/xor/user_agent: critical
 c2/addr/url: low
 c2/tool_transfer/arch: low

diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff
diff --git a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff
diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE
@@ -1 +1 @@
-20241222
+20241223
diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar