Detected presence of malicious files through analyst-vetted file reputation. (x3)

Detected presence of known software supply chain attack artifacts. (x3)

Detected presence of files with behaviors commonly used by malicious software. (x1)

Detected presence of files containing URLs that use non-standard ports. (x1)

Detected digital signatures that were countersigned by an unknown time-stamping service. (x1)

Detected digital signatures that have not been performed with an extended validation certificate. (x1)

Detected digital signatures that rely on a weak digest algorithm for integrity validation. (x1)

Detected digital signatures made with a certificate issued by an unknown certificate authority. (x1)