Detected presence of files containing domains used for intercepting and inspecting HTTP requests. (x1)

Detected presence of files with behaviors similar to malicious packages published on NPM. (x1)

Detected presence of malicious files through analyst-vetted file reputation. (x4)

Detected presence of known software supply chain attack artifacts. (x4)

Detected presence of files containing domains related to out-of-band application security testing tools. (x1)

Detected presence of files that collect and exfiltrate user information. (x2)

Detected presence of software components that can access user identity information. (x2)