Detected presence of malicious files through analyst-vetted file reputation. (x3)

Detected presence of known software supply chain attack artifacts. (x3)

Detected presence of files containing URLs that use suspicious top-level domains. (x1)

Detected presence of files containing URLs that use non-standard ports. (x1)

Detected digital signatures that have not been performed with an extended validation certificate. (x1)

Detected digital signatures that rely on a weak digest algorithm for integrity validation. (x1)