Update third-party rules as of 2024-12-01 (#671)

Co-authored-by: Update third-party rules <41898282+github-actions[bot]@users.noreply.github.com>
chainguard-dev · Dec 1, 2024 · 1a60b8d · 1a60b8d
1 parent dd1e25f
commit 1a60b8d
Show file tree

Hide file tree

Showing 6 changed files with 8,090 additions and 6,783 deletions.
diff --git a/tests/linux/2020.bdvl/bdvl.so.simple b/tests/linux/2020.bdvl/bdvl.so.simple
@@ -1,4 +1,5 @@
 # linux/2020.bdvl/bdvl.so: critical
+3P/elastic/rootkit_bedevil: critical
 anti-behavior/LD_DEBUG: medium
 anti-behavior/process_check: high
 credential/password: low

diff --git a/tests/linux/2024.melofee/driver_decrypted.simple b/tests/linux/2024.melofee/driver_decrypted.simple
@@ -1,4 +1,5 @@
 # linux/2024.melofee/driver_decrypted: critical
+3P/elastic/rootkit_melofee: critical
 anti-static/binary/opaque: medium
 evasion/indicator_blocking/process: high
 evasion/mimicry/fake_process: high

diff --git a/tests/linux/2024.melofee/pskt.simple b/tests/linux/2024.melofee/pskt.simple
@@ -1,4 +1,5 @@
 # linux/2024.melofee/pskt: critical
+3P/elastic/melofee: critical
 anti-behavior/LD_DEBUG: medium
 anti-behavior/LD_PROFILE: medium
 anti-static/elf/entropy: critical

diff --git a/tests/ruby/2024.Ruby_rootkit/Ruby.c.simple b/tests/ruby/2024.Ruby_rootkit/Ruby.c.simple
@@ -1,4 +1,5 @@
 # ruby/2024.Ruby_rootkit/Ruby.c: critical
+3P/elastic/rootkit: high
 c2/refs: medium
 evasion/rootkit/kernel: critical
 evasion/rootkit/refs: high

diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE
@@ -1 +1 @@
-20241124
+20241201