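/**
 * Known malicious patterns database
 *
 * This file is designed to be regularly updated as new threats emerge.
 * Add new patterns, wallet addresses, or domain patterns as they are
 * discovered.
 *
 * Every export here is a declaration only; the values live in the
 * implementation module.
 *
 * NOTE(review): the sourceMappingURL trailer suggests this file is compiler
 * output, so lasting edits probably belong in the source module - confirm.
 *
 * NOTE(review): the `Set` exports are declared as `Set<string>`. A bare
 * `Set` does not type-check, and the accompanying comments describe file
 * names, extensions and package names - confirm the element type against
 * the source module.
 *
 * Reading results: these are known-indicator lists. A scan that matches
 * nothing means "no known indicator found", not "clean".
 */
import type { PatternEntry, Severity } from "./types.js";

/**
 * Known GlassWorm marker variables.
 *
 * Exact-value indicators like these are cheap for an author to rename, so
 * keep them alongside the behavioural patterns rather than instead of them.
 */
export declare const GLASSWORM_MARKERS: string[];

/** Known GlassWorm Solana wallet addresses used for C2 */
export declare const KNOWN_C2_WALLETS: string[];

/**
 * Known C2 domain patterns (regex strings).
 *
 * These are plain strings, not RegExp objects: flags and anchoring are
 * decided wherever they are compiled, which is not visible here. Because
 * they run against untrusted package contents, review each new entry for
 * catastrophic backtracking before adding it.
 */
export declare const C2_DOMAIN_PATTERNS: string[];

/**
 * Content patterns applied to scanned files.
 * NOTE(review): scope inferred from the name only - confirm.
 */
export declare const FILE_PATTERNS: PatternEntry[];

/**
 * Files that are suspicious by name alone.
 *
 * Each entry carries the name pattern, a human-readable description, the
 * severity to report and the rule identifier. Whether `pattern` is a regex,
 * a glob or a literal is not visible from this declaration.
 */
export declare const SUSPICIOUS_FILES: Array<{
  pattern: string;
  description: string;
  severity: Severity;
  rule: string;
}>;

/** Package.json script patterns that are suspicious */
export declare const SUSPICIOUS_SCRIPTS: PatternEntry[];

/** Patterns matching known malicious or typosquatting package names */
export declare const MALICIOUS_PACKAGE_PATTERNS: string[];

/**
 * Patterns tied to specific malware campaigns.
 * NOTE(review): inferred from the name; how this list relates to
 * CAMPAIGN_PATTERNS_V2 is not visible here.
 */
export declare const CAMPAIGN_PATTERNS: PatternEntry[];

/** Patterns for detecting malicious code in Python packages */
export declare const PYPI_FILE_PATTERNS: PatternEntry[];

/** Setup file names to check for install hooks */
export declare const PYPI_SETUP_FILES: Set<string>;

/** Suspicious install hook patterns in setup.py */
export declare const PYPI_INSTALL_HOOK_PATTERNS: PatternEntry[];

/** Python file extensions to scan */
export declare const PYTHON_EXTENSIONS: Set<string>;

/** Known typosquatted PyPI package name patterns */
export declare const PYPI_TYPOSQUAT_PATTERNS: string[];

/** File extensions that indicate binary/native addons */
export declare const BINARY_EXTENSIONS: Set<string>;

/** Patterns in install scripts that indicate prebuilt binary downloads */
export declare const BINARY_DOWNLOAD_PATTERNS: PatternEntry[];

/**
 * Known legitimate packages that use native addons.
 *
 * NOTE(review): presumably used to suppress native-addon findings. A name
 * match alone does not show that the installed package is the genuine one,
 * so confirm that the consumer does not skip other checks for these names.
 */
export declare const KNOWN_NATIVE_PACKAGES: Set<string>;

/**
 * Patterns for beaconing and miner behaviour.
 * NOTE(review): inferred from the name only - confirm.
 */
export declare const BEACON_MINER_PATTERNS: PatternEntry[];

/**
 * File extensions eligible for content scanning.
 * NOTE(review): presumably files with any other extension are not content
 * scanned; confirm, since that set is a detection blind spot.
 */
export declare const SCANNABLE_EXTENSIONS: Set<string>;

/**
 * Maximum file size to scan (in bytes). Files larger than this are skipped.
 *
 * Skipped files are a coverage gap: content in an oversized file is never
 * matched. Consider reporting skipped paths so the gap shows up in results.
 */
export declare const MAX_FILE_SIZE: number;

/**
 * Patterns for suspicious build-tool configuration.
 * NOTE(review): inferred from the name only - confirm.
 */
export declare const BUILD_TOOL_PATTERNS: PatternEntry[];

/** Build config file names */
export declare const BUILD_CONFIG_FILES: Set<string>;

// The remaining lists carry no description in the original file. The
// purpose of each is suggested by its name only; confirm against the
// source module before relying on any of them.
export declare const MONOREPO_PATTERNS: PatternEntry[];
export declare const CAMPAIGN_PATTERNS_V2: PatternEntry[];
export declare const OBFUSCATION_PATTERNS_V2: PatternEntry[];
export declare const IAC_PATTERNS: PatternEntry[];
export declare const INFOSTEALER_PATTERNS: PatternEntry[];
export declare const LURE_PATTERNS: PatternEntry[];
export declare const PROMPT_INJECTION_PATTERNS: PatternEntry[];
export declare const C2_EXTENDED_PATTERNS: PatternEntry[];
export declare const SECRETS_PATTERNS: PatternEntry[];
export declare const OBFUSCATION_V3_PATTERNS: PatternEntry[];
export declare const PROVENANCE_PATTERNS: PatternEntry[];
//# sourceMappingURL=patterns.d.ts.map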