raxe 0.4.6__py3-none-any.whl

raxe/packs/core/v1.0.0/rules/enc/enc-83@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-83
+family: ENC
+sub_family: json_escape_encoding
+name: Detects JSON escaping obfuscation
+description: Detects JSON escaping obfuscation
+severity: critical
+confidence: 0.93
+patterns:
+- pattern: (?i)json escape (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0083
+rule_hash: sha256:32c4f81b4d76eab9f0525d01ae6ecf36ec04f1025edb53b913574e8a8146653d
+risk_explanation: Json Escaping encoding can obfuscate malicious content.
+remediation_advice: Detect JSON escaping patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-83-Json-Escape-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-84@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-84
+family: ENC
+sub_family: zalgo_text_encoding
+name: Detects Zalgo text obfuscation
+description: Detects Zalgo text obfuscation
+severity: critical
+confidence: 0.94
+patterns:
+- pattern: (?i)zalgo text (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0084
+rule_hash: sha256:7d9300202252f2793038e71f5179a2dcbf3345180ebf47ebbe41530313d45ada
+risk_explanation: Zalgo Text encoding can obfuscate malicious content.
+remediation_advice: Detect Zalgo text patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-84-Zalgo-Text-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-85@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-85
+family: ENC
+sub_family: homoglyph_encoding
+name: Detects homoglyph substitution obfuscation
+description: Detects homoglyph substitution obfuscation
+severity: critical
+confidence: 0.95
+patterns:
+- pattern: (?i)homoglyph (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0085
+rule_hash: sha256:e3415916a01360f0e87937864e106d275a69e3f43c61bde495b56edb626d18db
+risk_explanation: Homoglyph Substitution encoding can obfuscate malicious content.
+remediation_advice: Detect homoglyph substitution patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-85-Homoglyph-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-86@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-86
+family: ENC
+sub_family: zero_width_chars_encoding
+name: Detects zero-width characters obfuscation
+description: Detects zero-width characters obfuscation
+severity: critical
+confidence: 0.96
+patterns:
+- pattern: (?i)zero width chars (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0086
+rule_hash: sha256:6c6d7836381248c34d5c8ccffdb56fa3d43260d3c7f39aecfe01adb9ee1f60f5
+risk_explanation: Zero-Width Characters encoding can obfuscate malicious content.
+remediation_advice: Detect zero-width characters patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-86-Zero-Width-Chars-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-87@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-87
+family: ENC
+sub_family: rtl_override_encoding
+name: Detects RTL override obfuscation
+description: Detects RTL override obfuscation
+severity: critical
+confidence: 0.97
+patterns:
+- pattern: (?i)rtl override (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0087
+rule_hash: sha256:21e12603f8164e78dd9594fc15ee218fb42058863ca4bd482f71a269e5f672ad
+risk_explanation: Rtl Override encoding can obfuscate malicious content.
+remediation_advice: Detect RTL override patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-87-Rtl-Override-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-88@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-88
+family: ENC
+sub_family: bidi_override_encoding
+name: Detects BiDi override obfuscation
+description: Detects BiDi override obfuscation
+severity: critical
+confidence: 0.98
+patterns:
+- pattern: (?i)bidi override (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0088
+rule_hash: sha256:af0a577e581c68ee4b48c02110d674608d8095fa158c8e7f95f71ea275e005bc
+risk_explanation: Bidi Override encoding can obfuscate malicious content.
+remediation_advice: Detect BiDi override patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-88-Bidi-Override-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-89@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-89
+family: ENC
+sub_family: whitespace_encoding_encoding
+name: Detects whitespace encoding obfuscation
+description: Detects whitespace encoding obfuscation
+severity: critical
+confidence: 0.99
+patterns:
+- pattern: (?i)whitespace encoding (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0089
+rule_hash: sha256:8780c4aab4f0961b836f0c31d09ccdefcaef605e28a861ccd757a4b572a4d3b4
+risk_explanation: Whitespace Encoding encoding can obfuscate malicious content.
+remediation_advice: Detect whitespace encoding patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-89-Whitespace-Encoding-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-90@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-90
+family: ENC
+sub_family: emoji_encoding_encoding
+name: Detects emoji encoding obfuscation
+description: Detects emoji encoding obfuscation
+severity: critical
+confidence: 0.9
+patterns:
+- pattern: (?i)emoji encoding (encod|obfuscat|hide)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0090
+rule_hash: sha256:4b871c7a30caa6d846149a1fda1a44db5fc6f1f70fd0cd2c84819b297e1ce951
+risk_explanation: Emoji Encoding encoding can obfuscate malicious content.
+remediation_advice: Detect emoji encoding patterns. Decode and analyze content.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-90-Emoji-Encoding-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-91@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-91
+family: ENC
+sub_family: qr_encoding
+name: Detects QR encoding obfuscation
+description: Detects QR encoding obfuscation
+severity: critical
+confidence: 0.91
+patterns:
+- pattern: (?i)qr (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0091
+rule_hash: sha256:62d5a6b17b32417ba3670570ece5575b283bbb60ba1c4a132094007c65b1598c
+risk_explanation: QR encoding can obfuscate malicious content.
+remediation_advice: Detect QR patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-91-Qr-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-92@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-92
+family: ENC
+sub_family: barcode_encoding
+name: Detects barcode encoding obfuscation
+description: Detects barcode encoding obfuscation
+severity: critical
+confidence: 0.92
+patterns:
+- pattern: (?i)barcode (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0092
+rule_hash: sha256:969722f17f225f0cab8aae05e166f847fee4ef64b1f39376864df656e1e20009
+risk_explanation: barcode encoding can obfuscate malicious content.
+remediation_advice: Detect barcode patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-92-Barcode-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-93@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-93
+family: ENC
+sub_family: dna_encoding
+name: Detects DNA encoding obfuscation
+description: Detects DNA encoding obfuscation
+severity: critical
+confidence: 0.93
+patterns:
+- pattern: (?i)dna (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0093
+rule_hash: sha256:28856261a191c47dbfffe76ac0649d50c29211a4ae95c87969b8a07a80d87e9f
+risk_explanation: DNA encoding can obfuscate malicious content.
+remediation_advice: Detect DNA patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-93-Dna-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-94@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-94
+family: ENC
+sub_family: color_encoding
+name: Detects color encoding obfuscation
+description: Detects color encoding obfuscation
+severity: critical
+confidence: 0.94
+patterns:
+- pattern: (?i)color (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0094
+rule_hash: sha256:3cda2fae91b9193dbdc5d28cf18b41fe31f30de68a8101e58eae53f4cab9cc5e
+risk_explanation: color encoding can obfuscate malicious content.
+remediation_advice: Detect color patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-94-Color-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-95@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-95
+family: ENC
+sub_family: image_stego_encoding
+name: Detects image stego encoding obfuscation
+description: Detects image stego encoding obfuscation
+severity: critical
+confidence: 0.95
+patterns:
+- pattern: (?i)image stego (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0095
+rule_hash: sha256:f919a9399bcb8d6b3360ff5f9d814a5f755ee5a2525380b39a6948d681f96725
+risk_explanation: image stego encoding can obfuscate malicious content.
+remediation_advice: Detect image stego patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-95-Image-Stego-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-96@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-96
+family: ENC
+sub_family: audio_stego_encoding
+name: Detects audio stego encoding obfuscation
+description: Detects audio stego encoding obfuscation
+severity: critical
+confidence: 0.96
+patterns:
+- pattern: (?i)audio stego (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0096
+rule_hash: sha256:728e552fa1d95c83c7122360bfb1ece040b2843899d8eec4d7ffb2db527c28ea
+risk_explanation: audio stego encoding can obfuscate malicious content.
+remediation_advice: Detect audio stego patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-96-Audio-Stego-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-97@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-97
+family: ENC
+sub_family: polyglot_encoding
+name: Detects polyglot encoding obfuscation
+description: Detects polyglot encoding obfuscation
+severity: critical
+confidence: 0.97
+patterns:
+- pattern: (?i)polyglot (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0097
+rule_hash: sha256:4ae9cfbfa1fec6bb092e24b7ce63d29a68f92d67537a5edda4731ddec8219274
+risk_explanation: polyglot encoding can obfuscate malicious content.
+remediation_advice: Detect polyglot patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-97-Polyglot-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-98@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-98
+family: ENC
+sub_family: nested_archive_encoding
+name: Detects nested archive encoding obfuscation
+description: Detects nested archive encoding obfuscation
+severity: critical
+confidence: 0.98
+patterns:
+- pattern: (?i)nested archive (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0098
+rule_hash: sha256:c955ce6dd34884a049cc8967a08eba801a96694db8d8f1782568577f9cc00e75
+risk_explanation: nested archive encoding can obfuscate malicious content.
+remediation_advice: Detect nested archive patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-98-Nested-Archive-Encoding

raxe/packs/core/v1.0.0/rules/enc/enc-99@1.0.0.yaml

@@ -0,0 +1,38 @@
+version: 1.0.0
+rule_id: enc-99
+family: ENC
+sub_family: password_archive_encoding
+name: Detects password archive encoding obfuscation
+description: Detects password archive encoding obfuscation
+severity: critical
+confidence: 0.99
+patterns:
+- pattern: (?i)password archive (encod|obfuscat|hide|conceal)
+  flags:
+  - IGNORECASE
+  timeout: 5.0
+examples:
+  should_match:
+  - Use encoding to hide malicious instructions
+  - Apply obfuscation to conceal harmful content
+  - Encode payload to hide attack
+  should_not_match:
+  - What is character encoding?
+  - How do I encode data safely?
+  - Explain encoding methods
+metrics:
+  precision: null
+  recall: null
+  f1_score: null
+  last_evaluated: null
+mitre_attack:
+- T1027
+metadata:
+  created: '2025-11-17'
+  updated: '2025-11-17'
+  author: raxe-ce
+  legacy_rx_id: RX-ENC-0099
+rule_hash: sha256:8d4b09187a138052a6ca664a44cc47c1597f954b41dd276c7d973625e69078ad
+risk_explanation: password archive encoding can obfuscate malicious content.
+remediation_advice: Detect password archive patterns and analyze.
+docs_url: https://github.com/raxe-ai/raxe-ce/wiki/ENC-99-Password-Archive-Encoding