Merge branch 'main' into fix-diff-changed-behavior

egibs · web-flow · commit 91eb886cd19b · 2024-12-30T11:14:03.000-06:00
Signed-off-by: Evan Gibler &lt;20933572+egibs@users.noreply.github.com&gt;
diff --git a/tests/linux/2021.XMR-Stak/1b1a56.elf.simple b/tests/linux/2021.XMR-Stak/1b1a56.elf.simple
@@ -1,6 +1,7 @@
 # linux/2021.XMR-Stak/1b1a56.elf: critical
 3P/TTC-CERT/kittipongk_cryptominer_xmr: high
 3P/elastic/cryptominer_stak: critical
+3P/sekoia/miner_lin_xmrig: critical
 c2/addr/http_dynamic: medium
 c2/addr/ip: medium
 c2/addr/url: low
diff --git a/tests/linux/2022.bpfdoor/bpfdoor_1.simple b/tests/linux/2022.bpfdoor/bpfdoor_1.simple
@@ -1,5 +1,6 @@
 # linux/2022.bpfdoor/bpfdoor_1: critical
 3P/elastic/bpfdoor: critical
+3P/sekoia/backdoor_lin_bpfdoor: critical
 3P/sig_base/redmenshen_bpfdoor: critical
 data/random/insecure: low
 exec/program: medium
diff --git a/tests/linux/2024.Gelsemium/dbus.simple b/tests/linux/2024.Gelsemium/dbus.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/dbus: critical
+3P/sekoia/gelsemium_firewood_backdoor: critical
 anti-static/elf/multiple: medium
 crypto/decrypt: low
 crypto/encrypt: medium
diff --git a/tests/linux/2024.Gelsemium/kde.simple b/tests/linux/2024.Gelsemium/kde.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/kde: critical
+3P/sekoia/gelsemium_wolfsbane_launcher: critical
 crypto/rc4: low
 discover/process/name: medium
 evasion/file/location/dev_shm: high
diff --git a/tests/linux/2024.Gelsemium/libselinux.so.simple b/tests/linux/2024.Gelsemium/libselinux.so.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/libselinux.so: critical
+3P/sekoia/gelsemium_wolfsbane_rootkit: critical
 anti-static/obfuscation/hidden_literals: medium
 anti-static/xor/commands: high
 anti-static/xor/paths: high
diff --git a/tests/linux/2024.Gelsemium/udevd.simple b/tests/linux/2024.Gelsemium/udevd.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/udevd: critical
+3P/sekoia/gelsemium_wolfsbane_backdoor: critical
 anti-static/elf/multiple: medium
 c2/addr/ip: medium
 c2/addr/url: low
diff --git a/tests/linux/2024.Gelsemium/udevd_multi.simple b/tests/linux/2024.Gelsemium/udevd_multi.simple
@@ -1,4 +1,5 @@
 # linux/2024.Gelsemium/udevd_multi: critical
+3P/sekoia/gelsemium_wolfsbane_backdoor: critical
 anti-static/elf/multiple: medium
 c2/addr/ip: medium
 c2/addr/url: low
diff --git a/tests/linux/2024.chisel/crondx.simple b/tests/linux/2024.chisel/crondx.simple
@@ -1,4 +1,5 @@
 # linux/2024.chisel/crondx: critical
+3P/sekoia/chisel_strings: critical
 c2/addr/ip: high
 c2/addr/url: low
 c2/tool_transfer/arch: low
diff --git a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff
diff --git a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff
diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.dylib.simple b/tests/macOS/2023.3CX/libffmpeg.dirty.dylib.simple
@@ -1,6 +1,9 @@
 # macOS/2023.3CX/libffmpeg.dirty.dylib: critical
+3P/sekoia/downloader_smooth_operator: critical
 3P/sig_base/3cxdesktopapp_backdoor: critical
 3P/sig_base/nk_3cx_dylib: critical
+3P/sig_base/susp_xored_mozilla: critical
+3P/volexity/iconic: critical
 anti-static/xor/user_agent: critical
 c2/addr/url: low
 c2/tool_transfer/arch: low
diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff
diff --git a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff
diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE
@@ -1 +1 @@
-20241215
+20241229
diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# linux/2024.Gelsemium/dbus: critical`
	`2`	`+3P/sekoia/gelsemium_firewood_backdoor: critical`
`2`	`3`	`anti-static/elf/multiple: medium`
`3`	`4`	`crypto/decrypt: low`
`4`	`5`	`crypto/encrypt: medium`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# linux/2024.Gelsemium/kde: critical`
	`2`	`+3P/sekoia/gelsemium_wolfsbane_launcher: critical`
`2`	`3`	`crypto/rc4: low`
`3`	`4`	`discover/process/name: medium`
`4`	`5`	`evasion/file/location/dev_shm: high`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# linux/2024.Gelsemium/libselinux.so: critical`
	`2`	`+3P/sekoia/gelsemium_wolfsbane_rootkit: critical`
`2`	`3`	`anti-static/obfuscation/hidden_literals: medium`
`3`	`4`	`anti-static/xor/commands: high`
`4`	`5`	`anti-static/xor/paths: high`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# linux/2024.Gelsemium/udevd: critical`
	`2`	`+3P/sekoia/gelsemium_wolfsbane_backdoor: critical`
`2`	`3`	`anti-static/elf/multiple: medium`
`3`	`4`	`c2/addr/ip: medium`
`4`	`5`	`c2/addr/url: low`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# linux/2024.Gelsemium/udevd_multi: critical`
	`2`	`+3P/sekoia/gelsemium_wolfsbane_backdoor: critical`
`2`	`3`	`anti-static/elf/multiple: medium`
`3`	`4`	`c2/addr/ip: medium`
`4`	`5`	`c2/addr/url: low`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`# linux/2024.chisel/crondx: critical`
	`2`	`+3P/sekoia/chisel_strings: critical`
`2`	`3`	`c2/addr/ip: high`
`3`	`4`	`c2/addr/url: low`
`4`	`5`	`c2/tool_transfer/arch: low`