load .NET assembly

rule:
  meta:
    name: load .NET assembly
    namespace: load-code/dotnet
    authors:
      - anushka.virgaonkar@mandiant.com
    scopes:
      static: function
      dynamic: call
    att&ck:
      - Defense Evasion::Reflective Code Loading [T1620]
  features:
    - or:
      - api: System.Reflection.Assembly::Load
      - api: System.AppDomain::Load
      - api: System.Reflection.Assembly::LoadFile
      - api: System.Reflection.Assembly::LoadFrom
      - api: System.Reflection.Assembly::LoadWithPartialName
      - api: System.Reflection.Assembly::ReflectionOnlyLoad
      - api: System.Reflection.Assembly::ReflectionOnlyLoadFrom
      - api: System.Reflection.Assembly::UnsafeLoadFrom