Detected presence of files with behaviors similar to malicious packages published on PyPI. (x1)

Detected presence of files with behaviors that match the infostealer malware profile. (x1)

Detected presence of active web service tokens. (x1)

Detected presence of malicious files through analyst-vetted file reputation. (x3)

Detected presence of known software supply chain attack artifacts. (x3)

Detected presence of files containing URLs related to the Telegram API. (x1)

Detected presence of files containing URLs related to Discord webhooks. (x1)

Detected presence of files containing URLs related to IP querying services. (x1)