compile .NET assembly

rule:
  meta:
    name: compile .NET assembly
    namespace: load-code/dotnet
    authors:
      - anushka.virgaonkar@mandiant.com
    scopes:
      static: function
      dynamic: call
    att&ck:
      - Defense Evasion::Obfuscated Files or Information::Compile After Delivery [T1027.004]
  features:
    - or:
      - api: System.CodeDom.Compiler.CodeDomProvider::CompileAssemblyFromDom
      - api: System.CodeDom.Compiler.CodeDomProvider::CompileAssemblyFromFile
      - api: System.CodeDom.Compiler.CodeDomProvider::CompileAssemblyFromSource