Detected presence of files containing URLs that link to raw files on GitHub. (x3)

Detected presence of files containing URLs related to Bitcoin exchange services. (x1)

Detected presence of files with behaviors similar to malicious packages published on PyPI. (x1)

Detected presence of files with behaviors that match the infostealer malware profile. (x7)

Detected presence of malicious files through analyst-vetted file reputation. (x9)

Detected presence of known software supply chain attack artifacts. (x9)

Detected presence of files containing URLs related to IP querying services. (x1)

Detected presence of software components that can detect installed security software. (x1)

Detected presence of files that dynamically execute Base-encoded data. (x1)

Detected presence of software components that have code outside of the common screen width. (x1)