Update third-party rules as of 2024-11-03 (chainguard-dev#571)

Co-authored-by: Update third-party rules <41898282+github-actions[bot]@users.noreply.github.com>

test_data/linux/clean/pypi_package_index.json.simple

@@ -60,7 +60,6 @@
 3P/threat_hunting/sslstrip: medium
 3P/threat_hunting/ssrfmap: medium
 3P/threat_hunting/subfinder: medium
-3P/threat_hunting/sublist3r: medium
 3P/threat_hunting/theharvester: medium
 3P/threat_hunting/torproject: medium
 3P/threat_hunting/wafw00f: medium

test_data/windows/2024.Sharp/sharpil_RAT.exe.md

@@ -2,7 +2,7 @@
 
 |   RISK   |                                                                              KEY                                                                               |                                                                                  DESCRIPTION                                                                                   |                                                                                   EVIDENCE                                                                                   |
 |----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| CRITICAL | [3P/ditekshen/telegramchatbot](https://github.com/ditekshen/detection/blob/cd99e732c8f3cc13faf048d52c3ef5faa9fd761e/yara/indicator_suspicious.yar#L1293-L1308) | Detects executables using Telegram Chat Bot, by [ditekSHen](https://github.com/ditekshen/detection)                                                                            | $p1<br>$p2<br>$s1<br>$s2<br>$s4                                                                                                                                              |
+| CRITICAL | [3P/ditekshen/telegramchatbot](https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_suspicious.yar#L1293-L1308) | Detects executables using Telegram Chat Bot, by [ditekSHen](https://github.com/ditekshen/detection)                                                                            | $p1<br>$p2<br>$s1<br>$s2<br>$s4                                                                                                                                              |
 | MEDIUM   | [3P/threat_hunting/telegram](https://github.com/chainguard-dev/malcontent/blob/main/rules/yara/threat_hunting/all.yara#telegram_greyware_tool_keyword)         | [references 'telegram' tool](https://github.com/mthcht/ThreatHunting-Keywords), by mthcht                                                                                      | $string2_telegram_greyware_tool_keyword                                                                                                                                      |
 | MEDIUM   | [data/embedded/app_manifest](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/app-manifest.yara#app_manifest)                        | [Contains embedded Microsoft Windows application manifest](https://learn.microsoft.com/en-us/cpp/build/reference/manifestuac-embeds-uac-information-in-manifest?view=msvc-170) | [requestedExecutionLevel](https://github.com/search?q=requestedExecutionLevel&type=code)<br>[requestedPrivileges](https://github.com/search?q=requestedPrivileges&type=code) |
 | MEDIUM   | [net/download](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/download/download.yara#download)                                               | download files                                                                                                                                                                 | [DownloadString](https://github.com/search?q=DownloadString&type=code)<br>[Downloads](https://github.com/search?q=Downloads&type=code)                                       |

test_data/windows/2024.aspdasdksa2/callback.bat.json

@@ -12,11 +12,11 @@
                     ],
                     "RiskScore": 4,
                     "RiskLevel": "CRITICAL",
-                    "RuleURL": "https://github.com/Neo23x0/signature-base/blob/2c85e594d803f8014394cd0f9f86bd9d58e608ff/yara/gen_powershell_susp.yar#L52-L91",
+                    "RuleURL": "https://github.com/Neo23x0/signature-base/blob/43c9d899b5195f67a1ea52db0b28a84fc230365a/yara/gen_powershell_susp.yar#L52-L91",
                     "ReferenceURL": "Internal%20Research",
                     "RuleAuthor": "Florian Roth (Nextron Systems)",
                     "RuleLicense": "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE",
-                    "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/2c85e594d803f8014394cd0f9f86bd9d58e608ff/LICENSE",
+                    "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/43c9d899b5195f67a1ea52db0b28a84fc230365a/LICENSE",
                     "ID": "3P/sig_base/powershell_webdownload",
                     "RuleName": "SIGNATURE_BASE_Suspicious_Powershell_Webdownload_1"
                 },

third_party/yara/YARAForge/RELEASE

@@ -1 +1 @@
-20241027
+20241103