From bd28c08ec6100902769d3fd23cff187f0f37776e Mon Sep 17 00:00:00 2001
From: egibs <20933572+egibs@users.noreply.github.com>
Date: Tue, 17 Dec 2024 17:13:58 -0600
Subject: [PATCH] Update samples

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 Makefile                                      |   2 +-
 pkg/refresh/refresh.go                        |   1 +
 .../3937.844b09f50594ca2613b4.js.map.simple   |   8 +
 tests/javascript/clean/index.js.map.simple    |  15 ++
 tests/linux/2024.k4spreader/2.decoded.simple  |  10 +
 tests/linux/2024.k4spreader/2.simple          |   3 +
 tests/linux/clean/appsec-rules.json.simple    |  76 ++++++++
 .../aws-c-io-0.14.10-r0.spdx.json.simple      |   4 +
 .../aws-c-io-0.14.11-r0.spdx.json.simple      |   4 +
 tests/linux/clean/default_config.json.simple  |  77 ++++++++
 .../clean/gitlab-rails/android.tar.gz.simple  |   2 +
 .../gitlab-rails/astro_tailwind.tar.gz.simple |   2 +
 .../gitlab-rails/bridgetown.tar.gz.simple     |   2 +
 .../cluster_management.tar.gz.simple          |   2 +
 .../gitlab-rails/dotnetcore.tar.gz.simple     |   2 +
 .../clean/gitlab-rails/express.tar.gz.simple  |   2 +
 .../clean/gitlab-rails/gatsby.tar.gz.simple   |   2 +
 .../gitpod_spring_petclinic.tar.gz.simple     |   2 +
 .../clean/gitlab-rails/gomicro.tar.gz.simple  |   2 +
 .../clean/gitlab-rails/hexo.tar.gz.simple     |   4 +
 .../hipaa_audit_protocol.tar.gz.simple        |   0
 .../clean/gitlab-rails/hugo.tar.gz.simple     |   2 +
 .../clean/gitlab-rails/iosswift.tar.gz.simple |   6 +
 .../clean/gitlab-rails/jekyll.tar.gz.simple   |   2 +
 .../clean/gitlab-rails/jsonnet.tar.gz.simple  |   2 +
 .../kotlin_native_linux.tar.gz.simple         |   2 +
 .../clean/gitlab-rails/laravel.tar.gz.simple  |   2 +
 .../gitlab-rails/middleman.tar.gz.simple      |   2 +
 .../gitlab-rails/nfgitbook.tar.gz.simple      |   2 +
 .../clean/gitlab-rails/nfhexo.tar.gz.simple   |   4 +
 .../clean/gitlab-rails/nfhugo.tar.gz.simple   |   2 +
 .../clean/gitlab-rails/nfjekyll.tar.gz.simple |   2 +
 .../gitlab-rails/nfplainhtml.tar.gz.simple    |   2 +
 .../gitlab-rails/nist_80053r5.tar.gz.simple   |  27 +++
 .../clean/gitlab-rails/pelican.tar.gz.simple  |   2 +
 .../gitlab-rails/plainhtml.tar.gz.simple      |   2 +
 .../clean/gitlab-rails/rails.tar.gz.simple    |   2 +
 .../gitlab-rails/salesforcedx.tar.gz.simple   |   2 +
 .../serverless_framework.tar.gz.simple        |   2 +
 .../clean/gitlab-rails/spring.tar.gz.simple   |   2 +
 ...tencent_serverless_framework.tar.gz.simple |   2 +
 .../typo3_distribution.tar.gz.simple          |   2 +
 ...758-4c5e-b57e-c735914ee32a_101.json.simple |   7 +
 ...67c-455a-afe4-de6183431d0d_111.json.simple |  10 +
 ...-9b70-456b-b6b8-007c7d246128_5.json.simple |  18 ++
 ...348-47ba-9741-1202a09556ad_101.json.simple |  10 +
 ...735-4b24-9cc6-c78dfc9fc9c9_108.json.simple |   8 +
 ...-82ad-4a6c-82b8-296c1f691449_2.json.simple |   8 +
 ...399-4191-af1d-4feeac1f1f46_108.json.simple |  10 +
 ...f01-4f43-a872-605b678968b0_111.json.simple |  25 +++
 ...cess_dumping_keychain_security.json.simple |   4 +
 ...ender_exclusion_via_powershell.json.simple |   8 +
 tests/linux/clean/minio_x86_64.md             | 184 ++++++++++++++++++
 .../linux/clean/misp_sample.ndjson.log.simple |  15 ++
 tests/linux/clean/neuvector_agent_aarch64.md  | 152 +++++++++++++++
 .../clean/pypi_package_index.json.simple      | 146 ++++++++++++++
 tests/linux/clean/rules.json.simple           |  79 ++++++++
 tests/linux/clean/searchindex.json.simple     |  72 +++++++
 .../clean/sonarlint-metadata.json.simple      |  70 +++++++
 tests/linux/clean/vitess/vtadmin.simple       | 163 ++++++++++++++++
 tests/linux/clean/vitess/vtclient.simple      | 150 ++++++++++++++
 .../wikiticker-2015-09-12-sampled.json.simple |  22 +++
 .../npm/2024.depe-tool/preinstall.json.simple |   4 +
 .../2020.bitcoin-ruby/the_Score.vbs.simple    |   4 +
 tests/samples_test.go                         |   1 +
 65 files changed, 1464 insertions(+), 1 deletion(-)
 create mode 100644 tests/linux/clean/gitlab-rails/android.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/astro_tailwind.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/bridgetown.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/cluster_management.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/dotnetcore.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/express.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/gatsby.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/gitpod_spring_petclinic.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/gomicro.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/hexo.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/hipaa_audit_protocol.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/hugo.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/iosswift.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/jekyll.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/jsonnet.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/kotlin_native_linux.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/laravel.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/middleman.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/nfgitbook.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/nfhexo.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/nfhugo.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/nfjekyll.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/nfplainhtml.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/nist_80053r5.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/pelican.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/plainhtml.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/rails.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/salesforcedx.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/serverless_framework.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/spring.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/tencent_serverless_framework.tar.gz.simple
 create mode 100644 tests/linux/clean/gitlab-rails/typo3_distribution.tar.gz.simple

diff --git a/Makefile b/Makefile
index 621cf5bb1..1b0eea892 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 
 
 SAMPLES_REPO ?= chainguard-dev/malcontent-samples
-SAMPLES_COMMIT ?= 38d8faef6bcbd63f7cc02bb243b12aaa3e1ba70c
+SAMPLES_COMMIT ?= 2bd3bff19c0253821b3886db65a5059587cac893
 
 # BEGIN: lint-install ../malcontent
 # http://github.com/tinkerbell/lint-install
diff --git a/pkg/refresh/refresh.go b/pkg/refresh/refresh.go
index 7a5f0b4aa..ac18bfe4b 100644
--- a/pkg/refresh/refresh.go
+++ b/pkg/refresh/refresh.go
@@ -75,6 +75,7 @@ func newConfig(rc Config) *malcontent.Config {
 		MinFileRisk:           1,
 		MinRisk:               1,
 		QuantityIncreasesRisk: true,
+		IncludeDataFiles:      true,
 		RuleFS:                []fs.FS{rules.FS, thirdparty.FS},
 		TrimPrefixes:          []string{rc.SamplesPath},
 	}
diff --git a/tests/javascript/clean/3937.844b09f50594ca2613b4.js.map.simple b/tests/javascript/clean/3937.844b09f50594ca2613b4.js.map.simple
index e69de29bb..3e8bf8640 100644
--- a/tests/javascript/clean/3937.844b09f50594ca2613b4.js.map.simple
+++ b/tests/javascript/clean/3937.844b09f50594ca2613b4.js.map.simple
@@ -0,0 +1,8 @@
+# javascript/clean/3937.844b09f50594ca2613b4.js.map: medium
+exec/shell/power: medium
+false-positives/mattermost: low
+fs/directory/remove: low
+fs/file/copy: medium
+fs/file/delete: medium
+net/download/fetch: medium
+net/url/embedded: low
diff --git a/tests/javascript/clean/index.js.map.simple b/tests/javascript/clean/index.js.map.simple
index e69de29bb..238d84ffa 100644
--- a/tests/javascript/clean/index.js.map.simple
+++ b/tests/javascript/clean/index.js.map.simple
@@ -0,0 +1,15 @@
+# javascript/clean/index.js.map: medium
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/encrypt: medium
+crypto/public_key: low
+data/encoding/base64: low
+data/encoding/json_decode: low
+data/encoding/json_encode: low
+net/http/accept: low
+net/http/auth: low
+net/http/form_upload: medium
+net/http/post: medium
+net/url/embedded: low
+net/url/parse: low
diff --git a/tests/linux/2024.k4spreader/2.decoded.simple b/tests/linux/2024.k4spreader/2.decoded.simple
index e69de29bb..756b586f6 100644
--- a/tests/linux/2024.k4spreader/2.decoded.simple
+++ b/tests/linux/2024.k4spreader/2.decoded.simple
@@ -0,0 +1,10 @@
+# linux/2024.k4spreader/2.decoded: critical
+c2/addr/ip: high
+c2/tool_transfer/download: medium
+evasion/net/http_443: high
+exec/imports/python: medium
+exec/remote_commands/code_eval: high
+impact/remote_access/remote_eval: critical
+net/url/embedded: low
+net/url/parse: low
+os/fd/read: low
diff --git a/tests/linux/2024.k4spreader/2.simple b/tests/linux/2024.k4spreader/2.simple
index e69de29bb..20572e27a 100644
--- a/tests/linux/2024.k4spreader/2.simple
+++ b/tests/linux/2024.k4spreader/2.simple
@@ -0,0 +1,3 @@
+# linux/2024.k4spreader/2: critical
+anti-static/base64/function_names: critical
+data/embedded/base64_url: medium
diff --git a/tests/linux/clean/appsec-rules.json.simple b/tests/linux/clean/appsec-rules.json.simple
index e69de29bb..dbef9bc95 100644
--- a/tests/linux/clean/appsec-rules.json.simple
+++ b/tests/linux/clean/appsec-rules.json.simple
@@ -0,0 +1,76 @@
+# linux/clean/appsec-rules.json: critical
+collect/databases/mysql: medium
+collect/databases/postgresql: medium
+collect/databases/sqlite: medium
+credential/cloud/aws: medium
+credential/os/gshadow: medium
+credential/os/shadow: medium
+credential/password: low
+credential/server/htpasswd: medium
+credential/shell/bash_history: medium
+credential/shell/zsh_history: high
+credential/ssh: high
+credential/ssh/authorized_hosts: medium
+credential/ssh/d: medium
+crypto/openssl: medium
+data/base64/decode: medium
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/lzma: low
+data/compression/zlib: low
+data/compression/zstd: low
+data/encoding/base64: low
+discover/multiple: medium
+discover/system/dmesg: low
+discover/system/platform: low
+discover/user/USER: low
+discover/user/name_get: medium
+evasion/bypass_security/linux/iptables: medium
+evasion/bypass_security/linux/ufw: medium
+evasion/file/prefix: medium
+evasion/logging/acct: low
+evasion/process_injection/readelf: medium
+exec/plugin: low
+exec/shell/bash_dev_udp: medium
+exec/shell/command: medium
+exec/shell/nohup: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: low
+exec/tty/pathname: medium
+exfil: medium
+exfil/stealer/linux_server: high
+fs/fifo_create: low
+fs/file/times_set: medium
+fs/lock_update: low
+fs/mount: low
+fs/node_create: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/home: low
+fs/path/home_config: low
+fs/path/tmp: medium
+fs/path/var: low
+fs/permission/modify: medium
+fs/tempfile: low
+hw/hardware_enumeration: medium
+hw/wireless: low
+impact/exploit: medium
+impact/exploit/cve: medium
+impact/remote_access/iptables: medium
+net/dns/servers: low
+net/download: medium
+net/ftp/t: low
+net/http/cookies: medium
+net/http/webhook: medium
+net/ip/host_port: medium
+net/socket/connect: medium
+net/tcp/sftp: medium
+persist/cron/tab: medium
+persist/daemon: medium
+persist/linux_multi: high
+persist/shell/bash: medium
+persist/shell/zsh: medium
+persist/ssh_authorized_keys: medium
+process/chroot: low
+process/unshare: low
+sec-tool/net/nmap: medium
diff --git a/tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple b/tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple
index e69de29bb..fbced9d33 100644
--- a/tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple
+++ b/tests/linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json.simple
@@ -0,0 +1,4 @@
+# linux/clean/aws-c-io/aws-c-io-0.14.10-r0.spdx.json: medium
+c2/tool_transfer/arch: low
+net/download: medium
+net/url/embedded: low
diff --git a/tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple b/tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple
index e69de29bb..5d3094c8a 100644
--- a/tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple
+++ b/tests/linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json.simple
@@ -0,0 +1,4 @@
+# linux/clean/aws-c-io/aws-c-io-0.14.11-r0.spdx.json: medium
+c2/tool_transfer/arch: low
+net/download: medium
+net/url/embedded: low
diff --git a/tests/linux/clean/default_config.json.simple b/tests/linux/clean/default_config.json.simple
index e69de29bb..266664012 100644
--- a/tests/linux/clean/default_config.json.simple
+++ b/tests/linux/clean/default_config.json.simple
@@ -0,0 +1,77 @@
+# linux/clean/default_config.json: critical
+collect/databases/mysql: medium
+collect/databases/postgresql: medium
+collect/databases/sqlite: medium
+credential/cloud/aws: medium
+credential/os/gshadow: medium
+credential/os/shadow: medium
+credential/password: low
+credential/server/htpasswd: medium
+credential/shell/bash_history: medium
+credential/shell/zsh_history: high
+credential/ssh: high
+credential/ssh/authorized_hosts: medium
+credential/ssh/d: medium
+crypto/openssl: medium
+data/base64/decode: medium
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/lzma: low
+data/compression/zlib: low
+data/compression/zstd: low
+data/encoding/base64: low
+discover/multiple: medium
+discover/system/dmesg: low
+discover/system/platform: low
+discover/user/USER: low
+discover/user/name_get: medium
+evasion/bypass_security/linux/iptables: medium
+evasion/bypass_security/linux/ufw: medium
+evasion/file/prefix: medium
+evasion/logging/acct: low
+evasion/process_injection/readelf: medium
+exec/plugin: low
+exec/shell/bash_dev_udp: medium
+exec/shell/command: medium
+exec/shell/nohup: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: low
+exec/tty/pathname: medium
+exfil: medium
+exfil/stealer/linux_server: high
+fs/fifo_create: low
+fs/file/times_set: medium
+fs/lock_update: low
+fs/mount: low
+fs/node_create: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/home: low
+fs/path/home_config: low
+fs/path/tmp: medium
+fs/path/var: low
+fs/permission/modify: medium
+fs/tempfile: low
+hw/hardware_enumeration: medium
+hw/wireless: low
+impact/exploit: medium
+impact/exploit/cve: medium
+impact/remote_access/iptables: medium
+net/dns/servers: low
+net/download: medium
+net/ftp/t: low
+net/http/cookies: medium
+net/http/webhook: medium
+net/ip/host_port: medium
+net/socket/connect: medium
+net/tcp/sftp: medium
+persist/cron/tab: medium
+persist/daemon: medium
+persist/linux_multi: high
+persist/shell/bash: medium
+persist/shell/zsh: medium
+persist/ssh_authorized_keys: medium
+process/chroot: low
+process/unshare: low
+sec-tool/net/masscan: high
+sec-tool/net/nmap: medium
diff --git a/tests/linux/clean/gitlab-rails/android.tar.gz.simple b/tests/linux/clean/gitlab-rails/android.tar.gz.simple
new file mode 100644
index 000000000..ec0654f15
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/android.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/android.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/astro_tailwind.tar.gz.simple b/tests/linux/clean/gitlab-rails/astro_tailwind.tar.gz.simple
new file mode 100644
index 000000000..939d5e643
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/astro_tailwind.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/astro_tailwind.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/bridgetown.tar.gz.simple b/tests/linux/clean/gitlab-rails/bridgetown.tar.gz.simple
new file mode 100644
index 000000000..93ea4e0c9
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/bridgetown.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/bridgetown.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/cluster_management.tar.gz.simple b/tests/linux/clean/gitlab-rails/cluster_management.tar.gz.simple
new file mode 100644
index 000000000..43d668b21
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/cluster_management.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/cluster_management.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/dotnetcore.tar.gz.simple b/tests/linux/clean/gitlab-rails/dotnetcore.tar.gz.simple
new file mode 100644
index 000000000..b40039d1a
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/dotnetcore.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/dotnetcore.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/express.tar.gz.simple b/tests/linux/clean/gitlab-rails/express.tar.gz.simple
new file mode 100644
index 000000000..9d4fb4d45
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/express.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/express.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/gatsby.tar.gz.simple b/tests/linux/clean/gitlab-rails/gatsby.tar.gz.simple
new file mode 100644
index 000000000..29450a388
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/gatsby.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/gatsby.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/gitpod_spring_petclinic.tar.gz.simple b/tests/linux/clean/gitlab-rails/gitpod_spring_petclinic.tar.gz.simple
new file mode 100644
index 000000000..a3d25fd21
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/gitpod_spring_petclinic.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/gitpod_spring_petclinic.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/gomicro.tar.gz.simple b/tests/linux/clean/gitlab-rails/gomicro.tar.gz.simple
new file mode 100644
index 000000000..734870000
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/gomicro.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/gomicro.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/hexo.tar.gz.simple b/tests/linux/clean/gitlab-rails/hexo.tar.gz.simple
new file mode 100644
index 000000000..c6f71ff62
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/hexo.tar.gz.simple
@@ -0,0 +1,4 @@
+# linux/clean/gitlab-rails/hexo.tar.gz ∴ /tree/project.json: low
+credential/password: low
+# linux/clean/gitlab-rails/hexo.tar.gz ∴ /project.bundle: low
+crypto/aes: low
diff --git a/tests/linux/clean/gitlab-rails/hipaa_audit_protocol.tar.gz.simple b/tests/linux/clean/gitlab-rails/hipaa_audit_protocol.tar.gz.simple
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/linux/clean/gitlab-rails/hugo.tar.gz.simple b/tests/linux/clean/gitlab-rails/hugo.tar.gz.simple
new file mode 100644
index 000000000..655e23c93
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/hugo.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/hugo.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/iosswift.tar.gz.simple b/tests/linux/clean/gitlab-rails/iosswift.tar.gz.simple
new file mode 100644
index 000000000..9ad86bcce
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/iosswift.tar.gz.simple
@@ -0,0 +1,6 @@
+# linux/clean/gitlab-rails/iosswift.tar.gz ∴ /tree/project.json: low
+credential/password: low
+# linux/clean/gitlab-rails/iosswift.tar.gz ∴ /project.bundle: medium
+credential/sniffer/bpf: medium
+net/tcp/ssh: medium
+process/chdir: low
diff --git a/tests/linux/clean/gitlab-rails/jekyll.tar.gz.simple b/tests/linux/clean/gitlab-rails/jekyll.tar.gz.simple
new file mode 100644
index 000000000..cc095e6b4
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/jekyll.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/jekyll.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/jsonnet.tar.gz.simple b/tests/linux/clean/gitlab-rails/jsonnet.tar.gz.simple
new file mode 100644
index 000000000..13d6cde6e
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/jsonnet.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/jsonnet.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/kotlin_native_linux.tar.gz.simple b/tests/linux/clean/gitlab-rails/kotlin_native_linux.tar.gz.simple
new file mode 100644
index 000000000..ad2d81574
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/kotlin_native_linux.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/kotlin_native_linux.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/laravel.tar.gz.simple b/tests/linux/clean/gitlab-rails/laravel.tar.gz.simple
new file mode 100644
index 000000000..f4f0912b1
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/laravel.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/laravel.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/middleman.tar.gz.simple b/tests/linux/clean/gitlab-rails/middleman.tar.gz.simple
new file mode 100644
index 000000000..b9bbb454b
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/middleman.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/middleman.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/nfgitbook.tar.gz.simple b/tests/linux/clean/gitlab-rails/nfgitbook.tar.gz.simple
new file mode 100644
index 000000000..014250e32
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/nfgitbook.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/nfgitbook.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/nfhexo.tar.gz.simple b/tests/linux/clean/gitlab-rails/nfhexo.tar.gz.simple
new file mode 100644
index 000000000..72ff201c7
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/nfhexo.tar.gz.simple
@@ -0,0 +1,4 @@
+# linux/clean/gitlab-rails/nfhexo.tar.gz ∴ /project.bundle: low
+crypto/aes: low
+# linux/clean/gitlab-rails/nfhexo.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/nfhugo.tar.gz.simple b/tests/linux/clean/gitlab-rails/nfhugo.tar.gz.simple
new file mode 100644
index 000000000..3f52db36e
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/nfhugo.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/nfhugo.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/nfjekyll.tar.gz.simple b/tests/linux/clean/gitlab-rails/nfjekyll.tar.gz.simple
new file mode 100644
index 000000000..c5e20967e
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/nfjekyll.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/nfjekyll.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/nfplainhtml.tar.gz.simple b/tests/linux/clean/gitlab-rails/nfplainhtml.tar.gz.simple
new file mode 100644
index 000000000..0fe70fe5e
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/nfplainhtml.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/nfplainhtml.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/nist_80053r5.tar.gz.simple b/tests/linux/clean/gitlab-rails/nist_80053r5.tar.gz.simple
new file mode 100644
index 000000000..c66810215
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/nist_80053r5.tar.gz.simple
@@ -0,0 +1,27 @@
+# linux/clean/gitlab-rails/nist_80053r5.tar.gz ∴ /tree/project/project_badges.ndjson: low
+net/url/embedded: low
+# linux/clean/gitlab-rails/nist_80053r5.tar.gz ∴ /tree/project.json: low
+credential/password: low
+# linux/clean/gitlab-rails/nist_80053r5.tar.gz ∴ /tree/project/labels.ndjson: low
+crypto/public_key: low
+# linux/clean/gitlab-rails/nist_80053r5.tar.gz ∴ /tree/project/issues.ndjson: medium
+anti-static/obfuscation/obfuscate: low
+c2/addr/ip: medium
+credential/password: low
+crypto/public_key: low
+discover/network/mac_address: medium
+exec/shell/command: medium
+exfil: medium
+exfil/stealer/credit_card: medium
+fs/file/delete_forcibly: low
+impact/exploit: medium
+impact/remote_access/agent: medium
+impact/remote_access/backdoor: medium
+impact/remote_access/trojan: medium
+lateral/scan/brute_force: low
+malware/ref: medium
+net/download: medium
+net/ip: low
+net/ip/spoof: medium
+sus/intercept: medium
+sus/malicious: medium
diff --git a/tests/linux/clean/gitlab-rails/pelican.tar.gz.simple b/tests/linux/clean/gitlab-rails/pelican.tar.gz.simple
new file mode 100644
index 000000000..fba33c20e
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/pelican.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/pelican.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/plainhtml.tar.gz.simple b/tests/linux/clean/gitlab-rails/plainhtml.tar.gz.simple
new file mode 100644
index 000000000..68f6ca1f4
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/plainhtml.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/plainhtml.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/rails.tar.gz.simple b/tests/linux/clean/gitlab-rails/rails.tar.gz.simple
new file mode 100644
index 000000000..30ecc22a1
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/rails.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/rails.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/salesforcedx.tar.gz.simple b/tests/linux/clean/gitlab-rails/salesforcedx.tar.gz.simple
new file mode 100644
index 000000000..edceedf05
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/salesforcedx.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/salesforcedx.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/serverless_framework.tar.gz.simple b/tests/linux/clean/gitlab-rails/serverless_framework.tar.gz.simple
new file mode 100644
index 000000000..1cb22aea1
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/serverless_framework.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/serverless_framework.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/spring.tar.gz.simple b/tests/linux/clean/gitlab-rails/spring.tar.gz.simple
new file mode 100644
index 000000000..cdbd9860c
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/spring.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/spring.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/tencent_serverless_framework.tar.gz.simple b/tests/linux/clean/gitlab-rails/tencent_serverless_framework.tar.gz.simple
new file mode 100644
index 000000000..b37648d50
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/tencent_serverless_framework.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/tencent_serverless_framework.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/gitlab-rails/typo3_distribution.tar.gz.simple b/tests/linux/clean/gitlab-rails/typo3_distribution.tar.gz.simple
new file mode 100644
index 000000000..95d7675bf
--- /dev/null
+++ b/tests/linux/clean/gitlab-rails/typo3_distribution.tar.gz.simple
@@ -0,0 +1,2 @@
+# linux/clean/gitlab-rails/typo3_distribution.tar.gz ∴ /tree/project.json: low
+credential/password: low
diff --git a/tests/linux/clean/kibana/2d62889e-e758-4c5e-b57e-c735914ee32a_101.json.simple b/tests/linux/clean/kibana/2d62889e-e758-4c5e-b57e-c735914ee32a_101.json.simple
index e69de29bb..2647ee2ae 100644
--- a/tests/linux/clean/kibana/2d62889e-e758-4c5e-b57e-c735914ee32a_101.json.simple
+++ b/tests/linux/clean/kibana/2d62889e-e758-4c5e-b57e-c735914ee32a_101.json.simple
@@ -0,0 +1,7 @@
+# linux/clean/kibana/2d62889e-e758-4c5e-b57e-c735914ee32a_101.json: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: low
+exec/shell/power: medium
+impact/degrade/win_defender: low
+net/download: medium
+net/url/embedded: low
diff --git a/tests/linux/clean/kibana/2e29e96a-b67c-455a-afe4-de6183431d0d_111.json.simple b/tests/linux/clean/kibana/2e29e96a-b67c-455a-afe4-de6183431d0d_111.json.simple
index e69de29bb..91bdb6920 100644
--- a/tests/linux/clean/kibana/2e29e96a-b67c-455a-afe4-de6183431d0d_111.json.simple
+++ b/tests/linux/clean/kibana/2e29e96a-b67c-455a-afe4-de6183431d0d_111.json.simple
@@ -0,0 +1,10 @@
+# linux/clean/kibana/2e29e96a-b67c-455a-afe4-de6183431d0d_111.json: medium
+3P/sig_base/hacktool_strings_p0wnedshell: low
+c2/tool_transfer/os: low
+exec/shell/power: medium
+impact/infection/infected: medium
+malware/ref: medium
+mem/protect: low
+net/download: medium
+net/url/embedded: low
+sus/malicious: medium
diff --git a/tests/linux/clean/kibana/3728c08d-9b70-456b-b6b8-007c7d246128_5.json.simple b/tests/linux/clean/kibana/3728c08d-9b70-456b-b6b8-007c7d246128_5.json.simple
index e69de29bb..b4fd0b41c 100644
--- a/tests/linux/clean/kibana/3728c08d-9b70-456b-b6b8-007c7d246128_5.json.simple
+++ b/tests/linux/clean/kibana/3728c08d-9b70-456b-b6b8-007c7d246128_5.json.simple
@@ -0,0 +1,18 @@
+# linux/clean/kibana/3728c08d-9b70-456b-b6b8-007c7d246128_5.json: critical
+c2/tool_transfer/os: low
+evasion/file/location/dev_shm: medium
+evasion/file/prefix: high
+evasion/file/prefix/dev: low
+exec/shell/command: medium
+exec/system_controls/systemd: low
+fs/path/etc: low
+fs/path/etc_initd: medium
+fs/path/home: low
+fs/path/home_config: low
+fs/path/root: medium
+fs/path/usr_local: medium
+fs/path/var: low
+net/url/embedded: low
+persist/shell/bash: high
+persist/shell/zsh: medium
+privesc/sudoers: medium
diff --git a/tests/linux/clean/kibana/83bf249e-4348-47ba-9741-1202a09556ad_101.json.simple b/tests/linux/clean/kibana/83bf249e-4348-47ba-9741-1202a09556ad_101.json.simple
index e69de29bb..2dd51b9fd 100644
--- a/tests/linux/clean/kibana/83bf249e-4348-47ba-9741-1202a09556ad_101.json.simple
+++ b/tests/linux/clean/kibana/83bf249e-4348-47ba-9741-1202a09556ad_101.json.simple
@@ -0,0 +1,10 @@
+# linux/clean/kibana/83bf249e-4348-47ba-9741-1202a09556ad_101.json: critical
+anti-static/obfuscation/powershell: critical
+c2/tool_transfer/os: low
+exec/shell/command: medium
+exec/shell/power: medium
+false-positives/kibana: low
+malware/ref: medium
+net/download: medium
+net/download/fetch: medium
+net/url/embedded: low
diff --git a/tests/linux/clean/kibana/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json.simple b/tests/linux/clean/kibana/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json.simple
index e69de29bb..497650f83 100644
--- a/tests/linux/clean/kibana/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json.simple
+++ b/tests/linux/clean/kibana/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json.simple
@@ -0,0 +1,8 @@
+# linux/clean/kibana/8da41fc9-7735-4b24-9cc6-c78dfc9fc9c9_108.json: medium
+c2/tool_transfer/os: low
+impact/exploit: medium
+impact/exploit/cve: medium
+impact/exploit/pwnkit: low
+impact/remote_access/agent: medium
+net/url/embedded: low
+os/fd/multiplex: low
diff --git a/tests/linux/clean/kibana/951779c2-82ad-4a6c-82b8-296c1f691449_2.json.simple b/tests/linux/clean/kibana/951779c2-82ad-4a6c-82b8-296c1f691449_2.json.simple
index e69de29bb..58be526e4 100644
--- a/tests/linux/clean/kibana/951779c2-82ad-4a6c-82b8-296c1f691449_2.json.simple
+++ b/tests/linux/clean/kibana/951779c2-82ad-4a6c-82b8-296c1f691449_2.json.simple
@@ -0,0 +1,8 @@
+# linux/clean/kibana/951779c2-82ad-4a6c-82b8-296c1f691449_2.json: medium
+3P/sig_base/p0wnedpotato: low
+c2/tool_transfer/os: low
+exec/shell/power: medium
+net/download: medium
+net/rpc/ntlm: medium
+net/url/embedded: low
+sus/intercept: medium
diff --git a/tests/linux/clean/kibana/ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json.simple b/tests/linux/clean/kibana/ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json.simple
index e69de29bb..8f1441792 100644
--- a/tests/linux/clean/kibana/ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json.simple
+++ b/tests/linux/clean/kibana/ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json.simple
@@ -0,0 +1,10 @@
+# linux/clean/kibana/ac96ceb8-4399-4191-af1d-4feeac1f1f46_108.json: medium
+3P/sig_base/hacktool_strings_p0wnedshell: low
+c2/tool_transfer/os: low
+credential/password: low
+exec/shell/power: medium
+impact/infection/infected: medium
+malware/ref: medium
+net/url/embedded: low
+sec-tool/credentials/mimikatz: low
+sus/malicious: medium
diff --git a/tests/linux/clean/kibana/cde1bafa-9f01-4f43-a872-605b678968b0_111.json.simple b/tests/linux/clean/kibana/cde1bafa-9f01-4f43-a872-605b678968b0_111.json.simple
index e69de29bb..57efb4160 100644
--- a/tests/linux/clean/kibana/cde1bafa-9f01-4f43-a872-605b678968b0_111.json.simple
+++ b/tests/linux/clean/kibana/cde1bafa-9f01-4f43-a872-605b678968b0_111.json.simple
@@ -0,0 +1,25 @@
+# linux/clean/kibana/cde1bafa-9f01-4f43-a872-605b678968b0_111.json: high
+3P/sig_base/hacktool_strings_p0wnedshell: low
+3P/sig_base/hktl_domainpasswordspray: low
+3P/sig_base/p0wnedpotato: low
+3P/sig_base/wmimplant: low
+c2/addr/ip: medium
+c2/tool_transfer/os: low
+credential/password: low
+crypto/decrypt: low
+exec/cmd: medium
+exec/plugin: low
+exec/shell/command: medium
+exec/shell/power: medium
+exfil/collection: medium
+exfil/upload: medium
+impact/infection/infected: medium
+impact/remote_access/backdoor: medium
+impact/remote_access/implant: medium
+impact/remote_access/reverse_shell: high
+malware/ref: medium
+net/dns/txt: low
+net/download: medium
+net/ip/addr: medium
+net/url/embedded: low
+sus/malicious: medium
diff --git a/tests/linux/clean/kibana/credential_access_dumping_keychain_security.json.simple b/tests/linux/clean/kibana/credential_access_dumping_keychain_security.json.simple
index e69de29bb..a48e6914e 100644
--- a/tests/linux/clean/kibana/credential_access_dumping_keychain_security.json.simple
+++ b/tests/linux/clean/kibana/credential_access_dumping_keychain_security.json.simple
@@ -0,0 +1,4 @@
+# linux/clean/kibana/credential_access_dumping_keychain_security.json: low
+c2/tool_transfer/os: low
+credential/password: low
+net/url/embedded: low
diff --git a/tests/linux/clean/kibana/defense_evasion_defender_exclusion_via_powershell.json.simple b/tests/linux/clean/kibana/defense_evasion_defender_exclusion_via_powershell.json.simple
index e69de29bb..d735b35e5 100644
--- a/tests/linux/clean/kibana/defense_evasion_defender_exclusion_via_powershell.json.simple
+++ b/tests/linux/clean/kibana/defense_evasion_defender_exclusion_via_powershell.json.simple
@@ -0,0 +1,8 @@
+# linux/clean/kibana/defense_evasion_defender_exclusion_via_powershell.json: medium
+c2/tool_transfer/os: low
+exec/shell/power: medium
+impact/degrade/win_defender: low
+impact/exploit: medium
+malware/ref: medium
+net/url/embedded: low
+sus/malicious: medium
diff --git a/tests/linux/clean/minio_x86_64.md b/tests/linux/clean/minio_x86_64.md
index e69de29bb..4bc6f9b75 100644
--- a/tests/linux/clean/minio_x86_64.md
+++ b/tests/linux/clean/minio_x86_64.md
@@ -0,0 +1,184 @@
+## linux/clean/minio_x86_64 [🛑 HIGH]
+
+| RISK | KEY | DESCRIPTION | EVIDENCE |
+|--|--|--|--|
+| HIGH | [evasion/logging/hide_shell_history](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/logging/hide_shell_history.yara#hide_shell_history) | Hides shell command history | [set +o history](https://github.com/search?q=set+%2Bo+history&type=code) |
+| HIGH | [net/ip/host_port](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/host_port.yara#hardcoded_host_port_over_10k) | hardcoded hostname:port destination with high port | [play.min.io:9000](https://github.com/search?q=play.min.io%3A9000&type=code) |
+| MEDIUM | [anti-behavior/vm_check](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-behavior/vm-check.yara#vm_checker) | Checks to see if it is running with a VM | [GenuineIntel](https://github.com/search?q=GenuineIntel&type=code)<br>[QEMU Virtual CPU](https://github.com/search?q=QEMU+Virtual+CPU&type=code)<br>[VMware](https://github.com/search?q=VMware&type=code) |
+| MEDIUM | [anti-static/obfuscation/reverse](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/obfuscation/reverse.yara#string_reversal) | reverses strings | [split("").reverse().join("")](https://github.com/search?q=split%28%22%22%29.reverse%28%29.join%28%22%22%29&type=code) |
+| MEDIUM | [c2/addr/http_dynamic](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/http-dynamic.yara#http_dynamic) | URL that is dynamically generated | [http://%sServer](http://%sServer)<br>[http://%sStopped](http://%sStopped)<br>[https://%s.blob.core.windows.netattempted](https://%s.blob.core.windows.netattempted)<br>[https://%serror](https://%serror)<br>[https://%snil](https://%snil) |
+| MEDIUM | [c2/addr/ip](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/ip.yara#ip_port_mention) | mentions an IP and port | [IP](https://github.com/search?q=IP&type=code)<br>[aIp](https://github.com/search?q=aIp&type=code)<br>[angleIp](https://github.com/search?q=angleIp&type=code)<br>[bind_port](https://github.com/search?q=bind_port&type=code)<br>[cIp](https://github.com/search?q=cIp&type=code)<br>[cachedPort](https://github.com/search?q=cachedPort&type=code)<br>[check_port](https://github.com/search?q=check_port&type=code)<br>[client_ip](https://github.com/search?q=client_ip&type=code)<br>[commandPort](https://github.com/search?q=commandPort&type=code)<br>[connect_ip](https://github.com/search?q=connect_ip&type=code)<br>[connect_port](https://github.com/search?q=connect_port&type=code)<br>[domainPort](https://github.com/search?q=domainPort&type=code)<br>[fromPort](https://github.com/search?q=fromPort&type=code)<br>[gIp](https://github.com/search?q=gIp&type=code)<br>[geo_ip](https://github.com/search?q=geo_ip&type=code)<br>[hasPort](https://github.com/search?q=hasPort&type=code)<br>[inputPort](https://github.com/search?q=inputPort&type=code)<br>[ipPort](https://github.com/search?q=ipPort&type=code)<br>[ip_port](https://github.com/search?q=ip_port&type=code)<br>[kIp](https://github.com/search?q=kIp&type=code)<br>[lIp](https://github.com/search?q=lIp&type=code)<br>[lookupPort](https://github.com/search?q=lookupPort&type=code)<br>[nIp](https://github.com/search?q=nIp&type=code)<br>[neighbor_ip](https://github.com/search?q=neighbor_ip&type=code)<br>[oIp](https://github.com/search?q=oIp&type=code)<br>[osIp](https://github.com/search?q=osIp&type=code)<br>[outputPort](https://github.com/search?q=outputPort&type=code)<br>[parsePort](https://github.com/search?q=parsePort&type=code)<br>[remotePort](https://github.com/search?q=remotePort&type=code)<br>[sas_port](https://github.com/search?q=sas_port&type=code)<br>[setPort](https://github.com/search?q=setPort&type=code)<br>[source_ip](https://github.com/search?q=source_ip&type=code)<br>[src_ip](https://github.com/search?q=src_ip&type=code)<br>[tIp](https://github.com/search?q=tIp&type=code)<br>[vIp](https://github.com/search?q=vIp&type=code)<br>[valuePort](https://github.com/search?q=valuePort&type=code)<br>[workerPort](https://github.com/search?q=workerPort&type=code) |
+| MEDIUM | [c2/addr/server](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/server.yara#server_address) | references a 'server address', possible C2 client | [serverAddr](https://github.com/search?q=serverAddr&type=code)<br>[serverURL](https://github.com/search?q=serverURL&type=code)<br>[xmlserver_addrldapAttrib_lockEnabledforceCreat](https://github.com/search?q=xmlserver_addrldapAttrib_lockEnabledforceCreat&type=code) |
+| MEDIUM | [c2/client](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/client.yara#clientID) | contains a client ID | [clientID](https://github.com/search?q=clientID&type=code)<br>[clientId](https://github.com/search?q=clientId&type=code)<br>[client_id](https://github.com/search?q=client_id&type=code) |
+| MEDIUM | [c2/refs](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/refs.yara#download_ref) | downloads files | [download file](https://github.com/search?q=download+file&type=code) |
+| MEDIUM | [c2/tool_transfer/os](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/os.yara#multiple_os_ref) | references multiple operating systems | [Darwin](https://github.com/search?q=Darwin&type=code)<br>[Linux](https://github.com/search?q=Linux&type=code)<br>[Windows](https://github.com/search?q=Windows&type=code)<br>[http://](http://)<br>[https://](https://)<br>[macOS](https://github.com/search?q=macOS&type=code) |
+| MEDIUM | [collect/archives/zip](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/archives/zip.yara#zip) | Works with zip files | [archive/zip](https://github.com/search?q=archive%2Fzip&type=code)<br>[zip files](https://github.com/search?q=zip+files&type=code) |
+| MEDIUM | [collect/databases/mysql](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/databases/mysql.yara#mysql) | accesses MySQL databases | [mysql](https://github.com/search?q=mysql&type=code) |
+| MEDIUM | [collect/databases/postgresql](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/databases/postgresql.yara#postgresql) | accesses PostgreSQL databases | [postgresql](https://github.com/search?q=postgresql&type=code) |
+| MEDIUM | [credential/cloud/g](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/cloud/gcloud.yara#gcloud_config_value) | Access gcloud configuration files | [.config/gcloud](https://github.com/search?q=.config%2Fgcloud&type=code)<br>[application_default_credentials.json](https://github.com/search?q=application_default_credentials.json&type=code) |
+| MEDIUM | [credential/gaming/minecraft](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/gaming/minecraft.yara#minecraft) | Has references to Minecraft | [minecraft](https://github.com/search?q=minecraft&type=code) |
+| MEDIUM | [crypto/cipher](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/cipher.yara#ciphertext) | mentions 'ciphertext' | [ciphertext](https://github.com/search?q=ciphertext&type=code) |
+| MEDIUM | [crypto/uuid](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/uuid.yara#random_uuid) | generates a random UUID | [randomUUID](https://github.com/search?q=randomUUID&type=code) |
+| MEDIUM | [data/embedded/base64](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/base64.yara#base64_content) | Contains embedded base64 content | ["T1RUTwALAIAAAwAwQ0ZGIDHtZg4AAAOYAAAAgUZGVE1lkzZwAAAEHAAAABxHREVGABQAFQAABDgAAAAeT1MvMlYNYwkAAAEgAAAAYGNtYXABDQLUAAACNAAAAUJoZWFk/xVFDQAAALwAAAA2aGhlYQdkA+oAAAD0AAAAJGhtdHgD6AAAAAAEWAAAAAZtYXhwAAJQAAAAARgAAAAGbmFtZVjmdH4AAAGAAAAAsXBvc3T/hgAzAAADeAAAACAAAQAAAAEAALZRFsRfDzz1AAsD6AAAAADOBOTLAAAAAM4KHDwAAAAAA+gDIQAAAAgAAgAAAAAAAAABAAADIQAAAFoD6AAAAAAD6AABAAAAAAAAAAAAAAAAAAAAAQAAUAAAAgAAAAQD6AH0AAUAAAKKArwAAACMAooCvAAAAeAAMQECAAACAAYJAAAAAAAAAAAAAQAAAAAAAAAAAAAAAFBmRWQAwAAuAC4DIP84AFoDIQAAAAAAAQAAAAAAAAAAACAAIAA::$b64_st](https://github.com/search?q=%22T1RUTwALAIAAAwAwQ0ZGIDHtZg4AAAOYAAAAgUZGVE1lkzZwAAAEHAAAABxHREVGABQAFQAABDgAAAAeT1MvMlYNYwkAAAEgAAAAYGNtYXABDQLUAAACNAAAAUJoZWFk%2FxVFDQAAALwAAAA2aGhlYQdkA%2BoAAAD0AAAAJGhtdHgD6AAAAAAEWAAAAAZtYXhwAAJQAAAAARgAAAAGbmFtZVjmdH4AAAGAAAAAsXBvc3T%2FhgAzAAADeAAAACAAAQAAAAEAALZRFsRfDzz1AAsD6AAAAADOBOTLAAAAAM4KHDwAAAAAA%2BgDIQAAAAgAAgAAAAAAAAABAAADIQAAAFoD6AAAAAAD6AABAAAAAAAAAAAAAAAAAAAAAQAAUAAAAgAAAAQD6AH0AAUAAAKKArwAAACMAooCvAAAAeAAMQECAAACAAYJAAAAAAAAAAAAAQAAAAAAAAAAAAAAAFBmRWQAwAAuAC4DIP84AFoDIQAAAAAAAQAAAAAAAAAAACAAIAA%3A%3A%24b64_st&type=code) |
+| MEDIUM | [data/embedded/html](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/embedded-html.yara#html) | Contains HTML content | [<a href>](https://github.com/search?q=%3Ca+href%3E&type=code)<br>[<html lang](https://github.com/search?q=%3Chtml+lang&type=code)<br>[<html>](https://github.com/search?q=%3Chtml%3E&type=code)<br>[DOCTYPE html](https://github.com/search?q=DOCTYPE+html&type=code) |
+| MEDIUM | [discover/network/interface_list](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/interface-list.yara#bsd_ifaddrs) | list network interfaces | [ifconfig](https://github.com/search?q=ifconfig&type=code) |
+| MEDIUM | [discover/network/mac_address](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/mac-address.yara#macaddr) | Retrieves network MAC address | [MAC address](https://github.com/search?q=MAC+address&type=code)<br>[macAddress](https://github.com/search?q=macAddress&type=code) |
+| MEDIUM | [discover/network/netstat](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/netstat.yara#netstat) | Uses 'netstat' for network information | [netstats](https://github.com/search?q=netstats&type=code)<br>[netstat|nice|nl|node|no](https://github.com/search?q=netstat%7Cnice%7Cnl%7Cnode%7Cno&type=code) |
+| MEDIUM | [discover/process/name](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/process/name.yara#process_name) | get the current process name | [process_name](https://github.com/search?q=process_name&type=code) |
+| MEDIUM | [discover/processes/list](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/processes/list.yara#proclist) | accesses process list | [shirou/gopsutil](https://github.com/search?q=shirou%2Fgopsutil&type=code) |
+| MEDIUM | [discover/processes/pgrep](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/processes/pgrep.yara#pgrep) | Finds program in process table | [pgrep_per_](https://github.com/search?q=pgrep_per_&type=code) |
+| MEDIUM | [discover/system/platform](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/platform.yara#npm_uname) | [get system identification](https://nodejs.org/api/process.html) | [process.versions](https://github.com/search?q=process.versions&type=code) |
+| MEDIUM | [discover/system/sysinfo](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/sysinfo.yara#sysinfo) | [get system information (load, swap)](https://man7.org/linux/man-pages/man2/sysinfo.2.html) | [sysinfo](https://github.com/search?q=sysinfo&type=code) |
+| MEDIUM | [discover/user/name_get](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/user/username-get.yara#whoami) | [returns the user name running this process](https://man7.org/linux/man-pages/man1/whoami.1.html) | [whoami](https://github.com/search?q=whoami&type=code) |
+| MEDIUM | [evasion/bypass_security/linux/iptables](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/bypass_security/linux/iptables.yara#iptables) | [interacts with the iptables firewall](https://www.netfilter.org/projects/iptables/) | [iptables](https://github.com/search?q=iptables&type=code) |
+| MEDIUM | [evasion/file/location/var_run](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/file/location/var-run.yara#var_run_subfolder) | references subfolder within /var/run | [/var/run/log/](https://github.com/search?q=%2Fvar%2Frun%2Flog%2F&type=code)<br>[/var/run/secrets/](https://github.com/search?q=%2Fvar%2Frun%2Fsecrets%2F&type=code) |
+| MEDIUM | [evasion/file/prefix](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/file/prefix/prefix.yara#static_hidden_path) | hidden path in a system directory | [/declare/.source](https://github.com/search?q=%2Fdeclare%2F.source&type=code)<br>[/dex/.well-known](https://github.com/search?q=%2Fdex%2F.well-known&type=code)<br>[/health/v59/readxlunsupported/.dockerenvgcs-tier](https://github.com/search?q=%2Fhealth%2Fv59%2Freadxlunsupported%2F.dockerenvgcs-tier&type=code)<br>[/home/build/.cache](https://github.com/search?q=%2Fhome%2Fbuild%2F.cache&type=code)<br>[/imagewriter/.source](https://github.com/search?q=%2Fimagewriter%2F.source&type=code)<br>[/interactive/.source](https://github.com/search?q=%2Finteractive%2F.source&type=code)<br>[/lodash/lodash/blob/master/.internal](https://github.com/search?q=%2Flodash%2Flodash%2Fblob%2Fmaster%2F.internal&type=code)<br>[/run/.containerenvtotal](https://github.com/search?q=%2Frun%2F.containerenvtotal&type=code)<br>[/tmp/.trashDecomCopyDel](https://github.com/search?q=%2Ftmp%2F.trashDecomCopyDel&type=code) |
+| MEDIUM | [exec/cmd](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/cmd/cmd.yara#exec) | executes a command | [ExecCommand](https://github.com/search?q=ExecCommand&type=code)<br>[execCommand:](https://github.com/search?q=execCommand%3A&type=code)<br>[executeCommand](https://github.com/search?q=executeCommand&type=code)<br>[runShellCommandAsynchronously](https://github.com/search?q=runShellCommandAsynchronously&type=code)<br>[serviceRestartCommand](https://github.com/search?q=serviceRestartCommand&type=code) |
+| MEDIUM | [exec/program](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/program/program.yara#exec_cmd_run) | executes external programs | [).CombinedOutput](https://github.com/search?q=%29.CombinedOutput&type=code)<br>[exec.(*Cmd).Run](https://github.com/search?q=exec.%28%2ACmd%29.Run&type=code) |
+| MEDIUM | [exec/script/activex](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/script/activex.yara#ActiveXObject) | Create an ActiveX object | [ActiveXObject](https://github.com/search?q=ActiveXObject&type=code) |
+| MEDIUM | [exec/shell/pipe_sh](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/pipe_sh.yara#pipe_to_shell) | pipes to shell | [| sh](https://github.com/search?q=%7C+sh&type=code) |
+| MEDIUM | [exec/shell/power](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/powershell.yara#powershell) | runs powershell scripts | [powershell](https://github.com/search?q=powershell&type=code) |
+| MEDIUM | [exfil/office_file_ext](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/office_file_ext.yara#office_extensions) | References multiple Office file extensions (possible exfil) | [docx](https://github.com/search?q=docx&type=code)<br>[ppt](https://github.com/search?q=ppt&type=code)<br>[xlsx](https://github.com/search?q=xlsx&type=code) |
+| MEDIUM | [exfil/upload](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/upload.yara#upload_file) | uploads files | [upload file](https://github.com/search?q=upload+file&type=code) |
+| MEDIUM | [fs/file/copy](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-copy.yara#file_copy_cp) | copy files using cp | [cp --version-id](https://github.com/search?q=cp+--version-id&type=code)<br>[cp extends Cn](https://github.com/search?q=cp+extends+Cn&type=code) |
+| MEDIUM | [fs/file/create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-create.yara#CreateFile) | create a new file | [CreateFileHandler](https://github.com/search?q=CreateFileHandler&type=code)<br>[CreateFileReadFile](https://github.com/search?q=CreateFileReadFile&type=code) |
+| MEDIUM | [fs/file/delete](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-delete.yara#DeleteFile) | delete a file | [DeleteFileDeleteVe](https://github.com/search?q=DeleteFileDeleteVe&type=code)<br>[DeleteFileHandlerP](https://github.com/search?q=DeleteFileHandlerP&type=code) |
+| MEDIUM | [fs/file/make_executable](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-make_executable.yara#chmod_executable_shell) | makes file executable | [chmod u+rxw](https://github.com/search?q=chmod+u%2Brxw&type=code) |
+| MEDIUM | [fs/loopback](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/loopback.yara#dev_loopback) | access virtual block devices (loopback) | [/dev/loopbandwidththresho](https://github.com/search?q=%2Fdev%2Floopbandwidththresho&type=code) |
+| MEDIUM | [fs/path/etc_hosts](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/etc-hosts.yara#etc_hosts) | references /etc/hosts | [/etc/hosts](https://github.com/search?q=%2Fetc%2Fhosts&type=code) |
+| MEDIUM | [fs/path/root](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/root.yara#root_path_val) | path reference within /root | [/root](https://github.com/search?q=%2Froot&type=code) |
+| MEDIUM | [fs/path/tmp](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/tmp.yara#tmp_path) | path reference within /tmp | [/tmp/.trashDecomCopyDeleteMarkerDecommissionedBucketsDrive](https://github.com/search?q=%2Ftmp%2F.trashDecomCopyDeleteMarkerDecommissionedBucketsDrive&type=code)<br>[/tmp/dest/](https://github.com/search?q=%2Ftmp%2Fdest%2F&type=code)<br>[/tmp/dir/](https://github.com/search?q=%2Ftmp%2Fdir%2F&type=code)<br>[/tmp/hello-world.go](https://github.com/search?q=%2Ftmp%2Fhello-world.go&type=code)<br>[/tmp/myminio-iam-info.zip](https://github.com/search?q=%2Ftmp%2Fmyminio-iam-info.zip&type=code)<br>[/tmp/mysql.sockclientFoundRowsmultiStatementsUNSIGNED](https://github.com/search?q=%2Ftmp%2Fmysql.sockclientFoundRowsmultiStatementsUNSIGNED&type=code)<br>[/tmp/policy.json.](https://github.com/search?q=%2Ftmp%2Fpolicy.json.&type=code)<br>[/tmp/this/new/dir1](https://github.com/search?q=%2Ftmp%2Fthis%2Fnew%2Fdir1&type=code)<br>[/tmp/writeonly.json](https://github.com/search?q=%2Ftmp%2Fwriteonly.json&type=code) |
+| MEDIUM | [fs/path/users](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/users.yara#home_path_users) | references path within /Users | [/Users/AddUserHelpBox.tsx](https://github.com/search?q=%2FUsers%2FAddUserHelpBox.tsx&type=code)<br>[/Users/AddUserScreen.tsx](https://github.com/search?q=%2FUsers%2FAddUserScreen.tsx&type=code)<br>[/Users/AddUserServiceAccountHelpBox.tsx](https://github.com/search?q=%2FUsers%2FAddUserServiceAccountHelpBox.tsx&type=code)<br>[/Users/AddUserServiceAccountScreen.tsx](https://github.com/search?q=%2FUsers%2FAddUserServiceAccountScreen.tsx&type=code)<br>[/Users/AddUsersSlice.tsx](https://github.com/search?q=%2FUsers%2FAddUsersSlice.tsx&type=code)<br>[/Users/BulkAddToGroup.tsx](https://github.com/search?q=%2FUsers%2FBulkAddToGroup.tsx&type=code)<br>[/Users/ChangeUserGroups.tsx](https://github.com/search?q=%2FUsers%2FChangeUserGroups.tsx&type=code)<br>[/Users/DeleteMultipleServiceAccounts.tsx](https://github.com/search?q=%2FUsers%2FDeleteMultipleServiceAccounts.tsx&type=code)<br>[/Users/DeleteUser.tsx](https://github.com/search?q=%2FUsers%2FDeleteUser.tsx&type=code)<br>[/Users/GroupsSelectors.tsx](https://github.com/search?q=%2FUsers%2FGroupsSelectors.tsx&type=code)<br>[/Users/ListUsers.tsx](https://github.com/search?q=%2FUsers%2FListUsers.tsx&type=code)<br>[/Users/PasswordSelector.tsx](https://github.com/search?q=%2FUsers%2FPasswordSelector.tsx&type=code)<br>[/Users/SetUserPolicies.tsx](https://github.com/search?q=%2FUsers%2FSetUserPolicies.tsx&type=code)<br>[/Users/UserDetails.tsx](https://github.com/search?q=%2FUsers%2FUserDetails.tsx&type=code)<br>[/Users/UserSelector.tsx](https://github.com/search?q=%2FUsers%2FUserSelector.tsx&type=code)<br>[/Users/UserServiceAccountsPanel.tsx](https://github.com/search?q=%2FUsers%2FUserServiceAccountsPanel.tsx&type=code)<br>[/Users/Users.tsx](https://github.com/search?q=%2FUsers%2FUsers.tsx&type=code)<br>[/Users/thunk/AddUsersThunk.tsx](https://github.com/search?q=%2FUsers%2Fthunk%2FAddUsersThunk.tsx&type=code)<br>[/Users/types](https://github.com/search?q=%2FUsers%2Ftypes&type=code) |
+| MEDIUM | [fs/permission/chown](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/permission/permission-chown.yara#Chown) | Changes file ownership | [Chown](https://github.com/search?q=Chown&type=code) |
+| MEDIUM | [fs/permission/modify](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/permission/permission-modify.yara#chmod) | [modifies file permissions](https://linux.die.net/man/1/chmod) | [Chmod](https://github.com/search?q=Chmod&type=code)<br>[chmod](https://github.com/search?q=chmod&type=code) |
+| MEDIUM | [fs/proc/arbitrary_pid](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/arbitrary-pid.yara#proc_arbitrary) | access /proc for arbitrary pids | [/proc/%d/cgroup/v1/](https://github.com/search?q=%2Fproc%2F%25d%2Fcgroup%2Fv1%2F&type=code) |
+| MEDIUM | [hw/dev/block_ice](https://github.com/chainguard-dev/malcontent/blob/main/rules/hw/dev/block-device.yara#block_devices) | works with block devices | [/dev/block/%v](https://github.com/search?q=%2Fdev%2Fblock%2F%25v&type=code)<br>[/dev/block/filesystemslsb](https://github.com/search?q=%2Fdev%2Fblock%2Ffilesystemslsb&type=code)<br>[/sys/dev/block](https://github.com/search?q=%2Fsys%2Fdev%2Fblock&type=code) |
+| MEDIUM | [hw/dev/mapper](https://github.com/chainguard-dev/malcontent/blob/main/rules/hw/dev/mapper.yara#dev_mapper) | [uses the device mapper framework](https://en.wikipedia.org/wiki/Device_mapper) | [/dev/mapper](https://github.com/search?q=%2Fdev%2Fmapper&type=code) |
+| MEDIUM | [hw/disk_info](https://github.com/chainguard-dev/malcontent/blob/main/rules/hw/disk-info.yara#DADisk) | [Get information about disks](https://developer.apple.com/documentation/diskarbitration) | [gopsutil/v3/disk](https://github.com/search?q=gopsutil%2Fv3%2Fdisk&type=code) |
+| MEDIUM | [impact/infection/worm](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/infection/worm.yara#worm) | References 'Worm' | [Worm](https://github.com/search?q=Worm&type=code)<br>[worm](https://github.com/search?q=worm&type=code) |
+| MEDIUM | [impact/remote_access/heartbeat](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/heartbeat.yara#heartbeat) | references a 'heartbeat' | [: HeartbeatOptions](https://github.com/search?q=%3A+HeartbeatOptions&type=code)<br>[GetHeartbeatInterval](https://github.com/search?q=GetHeartbeatInterval&type=code)<br>[GetLastHeartbeat](https://github.com/search?q=GetLastHeartbeat&type=code)<br>[Heartbeat struct](https://github.com/search?q=Heartbeat+struct&type=code)<br>[HeartbeatInboxQpr](https://github.com/search?q=HeartbeatInboxQpr&type=code)<br>[HeartbeatRequest](https://github.com/search?q=HeartbeatRequest&type=code)<br>[HeartbeatResponse](https://github.com/search?q=HeartbeatResponse&type=code)<br>[LastHeartbeatdprotobu](https://github.com/search?q=LastHeartbeatdprotobu&type=code)<br>[OnHeartbeat](https://github.com/search?q=OnHeartbeat&type=code)<br>[and must be a valid NATS subjectHeartbeatInterval](https://github.com/search?q=and+must+be+a+valid+NATS+subjectHeartbeatInterval&type=code)<br>[because heartbeat gets no](https://github.com/search?q=because+heartbeat+gets+no&type=code)<br>[cureSkipVerifyinvalid value typeheartbeat_interva](https://github.com/search?q=cureSkipVerifyinvalid+value+typeheartbeat_interva&type=code)<br>[d for field HeartbeatInboxpro](https://github.com/search?q=d+for+field+HeartbeatInboxpro&type=code)<br>[enabledinvalid consumer nameno heartbeat receive](https://github.com/search?q=enabledinvalid+consumer+nameno+heartbeat+receive&type=code)<br>[eonly valid as initial handshakeheartbeat is not](https://github.com/search?q=eonly+valid+as+initial+handshakeheartbeat+is+not&type=code)<br>[heartBeat](https://github.com/search?q=heartBeat&type=code)<br>[heartbeatFrame](https://github.com/search?q=heartbeatFrame&type=code)<br>[heartbeatInbox](https://github.com/search?q=heartbeatInbox&type=code)<br>[heartbeat_1](https://github.com/search?q=heartbeat_1&type=code)<br>[heartbeat_request](https://github.com/search?q=heartbeat_request&type=code)<br>[heartbeat_respons](https://github.com/search?q=heartbeat_respons&type=code)<br>[idle_heartbeat](https://github.com/search?q=idle_heartbeat&type=code)<br>[last_heartbeat](https://github.com/search?q=last_heartbeat&type=code)<br>[meterresponsestimestampcanonicalheartbeat](https://github.com/search?q=meterresponsestimestampcanonicalheartbeat&type=code)<br>[n heartbeat:](https://github.com/search?q=n++++++++heartbeat%3A&type=code)<br>[n heartbeatOptions](https://github.com/search?q=n++++++++heartbeatOptions&type=code)<br>[n typeof heartbeatOptions](https://github.com/search?q=n++++++++typeof+heartbeatOptions&type=code)<br>[n const heartbeatOptions](https://github.com/search?q=n++++const+heartbeatOptions&type=code)<br>[n heartbeatCb](https://github.com/search?q=n++++heartbeatCb&type=code)<br>[n heartbeatOptions](https://github.com/search?q=n++heartbeatOptions&type=code)<br>[n let heartbeatCb:](https://github.com/search?q=n++let+heartbeatCb%3A&type=code)<br>[newHeartbeatDuration](https://github.com/search?q=newHeartbeatDuration&type=code)<br>[nexport function heartbeat](https://github.com/search?q=nexport+function+heartbeat&type=code)<br>[onConnHeartbeat](https://github.com/search?q=onConnHeartbeat&type=code)<br>[parseHeartbeatFrame](https://github.com/search?q=parseHeartbeatFrame&type=code)<br>[processHeartBeat](https://github.com/search?q=processHeartBeat&type=code)<br>[sample_ratemsg_timeout_heartbeat_](https://github.com/search?q=sample_ratemsg_timeout_heartbeat_&type=code)<br>[scheduleHeartbeatCheck](https://github.com/search?q=scheduleHeartbeatCheck&type=code)<br>[t support idle heartbeat nor flo](https://github.com/search?q=t+support+idle+heartbeat+nor+flo&type=code)<br>[t unmarshal bson bytes as SSNHeartbeats should](https://github.com/search?q=t+unmarshal+bson+bytes+as+SSNHeartbeats+should&type=code)<br>[tbeat_intervaloutput_buffer_sizeheartbeat receive](https://github.com/search?q=tbeat_intervaloutput_buffer_sizeheartbeat+receive&type=code)<br>[terror setting read deadline in heartbeater:](https://github.com/search?q=terror+setting+read+deadline+in+heartbeater%3A&type=code)<br>[undefined : heartbeatOptions](https://github.com/search?q=undefined+%3A+heartbeatOptions&type=code)<br>[w: idle heartbeat value t](https://github.com/search?q=w%3A+idle+heartbeat+value+t&type=code) |
+| MEDIUM | [impact/remote_access/iptables](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/iptables.yara#iptables_upload_http) | uploads, uses iptables and HTTP | [HTTP](https://github.com/search?q=HTTP&type=code)<br>[iptables](https://github.com/search?q=iptables&type=code)<br>[uploadCONSOLE](https://github.com/search?q=uploadCONSOLE&type=code)<br>[uploadEnabled](https://github.com/search?q=uploadEnabled&type=code)<br>[uploadFileFunction](https://github.com/search?q=uploadFileFunction&type=code)<br>[uploadFilePromises](https://github.com/search?q=uploadFilePromises&type=code)<br>[uploadFiles](https://github.com/search?q=uploadFiles&type=code)<br>[uploadFolderAction](https://github.com/search?q=uploadFolderAction&type=code)<br>[uploadFolderAllowed](https://github.com/search?q=uploadFolderAllowed&type=code)<br>[uploadFolderFunction](https://github.com/search?q=uploadFolderFunction&type=code)<br>[uploadID](https://github.com/search?q=uploadID&type=code)<br>[uploadIdversionsContin](https://github.com/search?q=uploadIdversionsContin&type=code)<br>[uploadMINIO](https://github.com/search?q=uploadMINIO&type=code)<br>[uploadObjectAllowed](https://github.com/search?q=uploadObjectAllowed&type=code)<br>[uploadOptionsOpen](https://github.com/search?q=uploadOptionsOpen&type=code)<br>[uploadOptionsSetOpen](https://github.com/search?q=uploadOptionsSetOpen&type=code)<br>[uploadPagesFromURLPrep](https://github.com/search?q=uploadPagesFromURLPrep&type=code)<br>[uploadPagesFromURLResp](https://github.com/search?q=uploadPagesFromURLResp&type=code)<br>[uploadPagesPreparer](https://github.com/search?q=uploadPagesPreparer&type=code)<br>[uploadPagesResponder](https://github.com/search?q=uploadPagesResponder&type=code)<br>[uploadPartCopyC](https://github.com/search?q=uploadPartCopyC&type=code)<br>[uploadPartReq](https://github.com/search?q=uploadPartReq&type=code)<br>[uploadPath](https://github.com/search?q=uploadPath&type=code)<br>[uploadPreparer](https://github.com/search?q=uploadPreparer&type=code)<br>[uploadPromise](https://github.com/search?q=uploadPromise&type=code)<br>[uploadRequest](https://github.com/search?q=uploadRequest&type=code)<br>[uploadResponder](https://github.com/search?q=uploadResponder&type=code)<br>[uploadSize](https://github.com/search?q=uploadSize&type=code)<br>[uploadSourceToTargetUR](https://github.com/search?q=uploadSourceToTargetUR&type=code)<br>[uploadThe](https://github.com/search?q=uploadThe&type=code)<br>[uploadTimeoutTimer](https://github.com/search?q=uploadTimeoutTimer&type=code)<br>[uploadTypeADMIN](https://github.com/search?q=uploadTypeADMIN&type=code)<br>[uploadUrl](https://github.com/search?q=uploadUrl&type=code)<br>[uploadedPartRes](https://github.com/search?q=uploadedPartRes&type=code)<br>[uploadedUnable](https://github.com/search?q=uploadedUnable&type=code)<br>[uploaderKey](https://github.com/search?q=uploaderKey&type=code)<br>[uploadincrease](https://github.com/search?q=uploadincrease&type=code)<br>[uploading](https://github.com/search?q=uploading&type=code)<br>[uploadminio](https://github.com/search?q=uploadminio&type=code)<br>[uploadrate](https://github.com/search?q=uploadrate&type=code)<br>[uploadsX](https://github.com/search?q=uploadsX&type=code)<br>[uploadsblake](https://github.com/search?q=uploadsblake&type=code)<br>[uploadsenable](https://github.com/search?q=uploadsenable&type=code)<br>[uploadsforce](https://github.com/search?q=uploadsforce&type=code)<br>[uploaduse](https://github.com/search?q=uploaduse&type=code) |
+| MEDIUM | [net/dns/reverse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns-reverse.yara#in_addr_arpa) | looks up the reverse hostname for an IP | [.in-addr.arpa](https://github.com/search?q=.in-addr.arpa&type=code)<br>[ip6.arpa](https://github.com/search?q=ip6.arpa&type=code) |
+| MEDIUM | [net/download/fetch](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/download/fetch.yara#curl_value) | Invokes curl | [curl ShareErr: WriteUnsetTitle](https://github.com/search?q=curl+ShareErr%3A+WriteUnsetTitle&type=code)<br>[curl command for prefixes.could not parse](https://github.com/search?q=curl+command+for+prefixes.could+not+parse&type=code)<br>[curl command for upload](https://github.com/search?q=curl+command+for+upload&type=code)<br>[curl command to allow upload access for a single object. Command expi](https://github.com/search?q=curl+command+to+allow+upload+access+for+a+single+object.+Command+expi&type=code)<br>[curl command to allow upload access of only](https://github.com/search?q=curl+command+to+allow+upload+access+of+only&type=code)<br>[curl command to allow upload access to a folder. Command expires in 1](https://github.com/search?q=curl+command+to+allow+upload+access+to+a+folder.+Command+expires+in+1&type=code)<br>[curl command to allow upload access to any objects matching the key p](https://github.com/search?q=curl+command+to+allow+upload+access+to+any+objects+matching+the+key+p&type=code) |
+| MEDIUM | [net/http/accept](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/accept.yara#http_accept_binary) | accepts binary files via HTTP | [Accept](https://github.com/search?q=Accept&type=code)<br>[application/octet-stream](https://github.com/search?q=application%2Foctet-stream&type=code) |
+| MEDIUM | [net/http/content_length](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/content-length.yara#content_length_0) | Sets HTTP content length to zero | [Content-Length: 0](https://github.com/search?q=Content-Length%3A+0&type=code) |
+| MEDIUM | [net/http/cookies](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/cookies.yara#http_cookie) | [access HTTP resources using cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies) | [Cookie](https://github.com/search?q=Cookie&type=code)<br>[HTTP](https://github.com/search?q=HTTP&type=code) |
+| MEDIUM | [net/http/form_upload](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/form-upload.yara#http_form_upload) | upload content via HTTP form | [POST](https://github.com/search?q=POST&type=code)<br>[application/json](https://github.com/search?q=application%2Fjson&type=code)<br>[application/x-www-form-urlencoded](https://github.com/search?q=application%2Fx-www-form-urlencoded&type=code)<br>[post](https://github.com/search?q=post&type=code) |
+| MEDIUM | [net/http/post](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/post.yara#http_post) | submits form content to websites | [Content-Type is inferred](https://github.com/search?q=Content-Type+is+inferred&type=code)<br>[Content-Type isn](https://github.com/search?q=Content-Type+isn&type=code)<br>[Content-Type to](https://github.com/search?q=Content-Type+to&type=code)<br>[Content-Type: text/plain](https://github.com/search?q=Content-Type%3A+text%2Fplain&type=code)<br>[Content-TypeX](https://github.com/search?q=Content-TypeX&type=code)<br>[Content-Typecontent](https://github.com/search?q=Content-Typecontent&type=code)<br>[Content-Typenet/http: timeout awaiting respo](https://github.com/search?q=Content-Typenet%2Fhttp%3A+timeout+awaiting+respo&type=code)<br>[Content-Typex](https://github.com/search?q=Content-Typex&type=code)<br>[HTTP](https://github.com/search?q=HTTP&type=code)<br>[POST](https://github.com/search?q=POST&type=code) |
+| MEDIUM | [net/http/webhook](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/webhook.yara#webhook) | supports webhooks | [EditWebhookEndpoint](https://github.com/search?q=EditWebhookEndpoint&type=code)<br>[GetLambdaWebhook](https://github.com/search?q=GetLambdaWebhook&type=code)<br>[GetNotifyWebhook](https://github.com/search?q=GetNotifyWebhook&type=code)<br>[IDeleteWebhookEndpoint](https://github.com/search?q=IDeleteWebhookEndpoint&type=code)<br>[NewWebhookTarget](https://github.com/search?q=NewWebhookTarget&type=code)<br>[SetNotifyWebhook](https://github.com/search?q=SetNotifyWebhook&type=code)<br>[UpdateAuditWebhooks](https://github.com/search?q=UpdateAuditWebhooks&type=code)<br>[UpdateHTTPWebhooks](https://github.com/search?q=UpdateHTTPWebhooks&type=code)<br>[WebhookArgs](https://github.com/search?q=WebhookArgs&type=code)<br>[WebhookIcon](https://github.com/search?q=WebhookIcon&type=code)<br>[WebhookSettingsProps](https://github.com/search?q=WebhookSettingsProps&type=code)<br>[WebhookSettingslist](https://github.com/search?q=WebhookSettingslist&type=code)<br>[configureSubnetWebhook](https://github.com/search?q=configureSubnetWebhook&type=code)<br>[deleteWebhookOpen](https://github.com/search?q=deleteWebhookOpen&type=code)<br>[editWebhookOpen](https://github.com/search?q=editWebhookOpen&type=code)<br>[getWebhookMetrics](https://github.com/search?q=getWebhookMetrics&type=code)<br>[initWebhook](https://github.com/search?q=initWebhook&type=code)<br>[lambdawebhook](https://github.com/search?q=lambdawebhook&type=code)<br>[loadLoggerWebhookMetrics](https://github.com/search?q=loadLoggerWebhookMetrics&type=code)<br>[lookupAuditWebhookConfig](https://github.com/search?q=lookupAuditWebhookConfig&type=code)<br>[lookupLoggerWebhookConfig](https://github.com/search?q=lookupLoggerWebhookConfig&type=code)<br>[newWebhook](https://github.com/search?q=newWebhook&type=code)<br>[notifyWebhooks](https://github.com/search?q=notifyWebhooks&type=code)<br>[onCloseEditWebhook](https://github.com/search?q=onCloseEditWebhook&type=code)<br>[renderWebhookStatus](https://github.com/search?q=renderWebhookStatus&type=code)<br>[saveWebhook](https://github.com/search?q=saveWebhook&type=code)<br>[setDeleteWebhookOpen](https://github.com/search?q=setDeleteWebhookOpen&type=code)<br>[setEditWebhookOpen](https://github.com/search?q=setEditWebhookOpen&type=code)<br>[setLoggerWebhookSubnetProxy](https://github.com/search?q=setLoggerWebhookSubnetProxy&type=code)<br>[subnetLogWebhookURL](https://github.com/search?q=subnetLogWebhookURL&type=code)<br>[swebhookDNSSHA256](https://github.com/search?q=swebhookDNSSHA256&type=code)<br>[tasksWebhook](https://github.com/search?q=tasksWebhook&type=code)<br>[updateWebhook](https://github.com/search?q=updateWebhook&type=code)<br>[webhooklambda_webhookconfig](https://github.com/search?q=webhooklambda_webhookconfig&type=code)<br>[webhookldapActualUseradmin](https://github.com/search?q=webhookldapActualUseradmin&type=code)<br>[webhookstorage_class](https://github.com/search?q=webhookstorage_class&type=code) |
+| MEDIUM | [net/http/websocket](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/websocket.yara#websocket) | [supports web sockets](https://www.rfc-editor.org/rfc/rfc6455) | [258EAFA5-E914-47DA-95CA-C5AB0DC85B11](https://github.com/search?q=258EAFA5-E914-47DA-95CA-C5AB0DC85B11&type=code)<br>[SharedWebSockets](https://github.com/search?q=SharedWebSockets&type=code)<br>[WebSocketEventMap](https://github.com/search?q=WebSocketEventMap&type=code)<br>[WebSocketHook](https://github.com/search?q=WebSocketHook&type=code)<br>[WebSocketLike](https://github.com/search?q=WebSocketLike&type=code)<br>[WebSocketMessage](https://github.com/search?q=WebSocketMessage&type=code)<br>[assertIsWebSocket](https://github.com/search?q=assertIsWebSocket&type=code)<br>[getWebSocket:k](https://github.com/search?q=getWebSocket%3Ak&type=code)<br>[getWebSocket:v](https://github.com/search?q=getWebSocket%3Av&type=code)<br>[newWebSocketAdminClient](https://github.com/search?q=newWebSocketAdminClient&type=code)<br>[newWebSocketMinioClient](https://github.com/search?q=newWebSocketMinioClient&type=code)<br>[newWebSocketS3Client](https://github.com/search?q=newWebSocketS3Client&type=code)<br>[resetWebSockets](https://github.com/search?q=resetWebSockets&type=code)<br>[sharedWebSockets:](https://github.com/search?q=sharedWebSockets%3A&type=code)<br>[useWebSocket](https://github.com/search?q=useWebSocket&type=code)<br>[webSocket:](https://github.com/search?q=webSocket%3A&type=code)<br>[webSocketInstance:](https://github.com/search?q=webSocketInstance%3A&type=code)<br>[webSocketProxy](https://github.com/search?q=webSocketProxy&type=code)<br>[webSocketRef:](https://github.com/search?q=webSocketRef%3A&type=code) |
+| MEDIUM | [net/ip/connect](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/connect.yara#ip_connect) | opens a network connection | [openConnection](https://github.com/search?q=openConnection&type=code) |
+| MEDIUM | [net/ip/icmp](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/icmp.yara#ping) | Uses the ping tool to generate ICMP packets | [ping check](https://github.com/search?q=ping+check&type=code)<br>[ping commands interval in s](https://github.com/search?q=ping+commands+interval+in+s&type=code)<br>[ping errorsshow replication speed for](https://github.com/search?q=ping+errorsshow+replication+speed+for&type=code)<br>[ping interval to minimum period of](https://github.com/search?q=ping+interval+to+minimum+period+of&type=code)<br>[ping not acked within timeout](https://github.com/search?q=ping+not+acked+within+timeout&type=code) |
+| MEDIUM | [net/ip/parse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/ip-parse.yara#ip_go) | parses IP address (IPv4 or IPv6) | [IsLinkLocalUnicast](https://github.com/search?q=IsLinkLocalUnicast&type=code)<br>[IsSingleIP](https://github.com/search?q=IsSingleIP&type=code) |
+| MEDIUM | [net/ip/spoof](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/spoof.yara#spoof) | references spoofing | [function spoofMouse](https://github.com/search?q=function+spoofMouse&type=code) |
+| MEDIUM | [net/proxy/reverse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/proxy/reverse_proxy.yara#reverse_proxy) | Implements a reverse proxy | [reverseproxy](https://github.com/search?q=reverseproxy&type=code) |
+| MEDIUM | [net/proxy/socks5](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/proxy/socks5.yara#socks5) | Supports SOCK5 proxies | [CONNECT %s](https://github.com/search?q=CONNECT+%25s&type=code)<br>[SOCKS5](https://github.com/search?q=SOCKS5&type=code)<br>[socks5](https://github.com/search?q=socks5&type=code) |
+| MEDIUM | [net/rpc/ntlm](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/rpc/ntlm.yara#windows_ntlm_auth) | supports Windows NTLM authentication | [ntlmssp](https://github.com/search?q=ntlmssp&type=code) |
+| MEDIUM | [net/socket/listen](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-listen.yara#listen) | generic listen string | [accept](https://github.com/search?q=accept&type=code)<br>[listen](https://github.com/search?q=listen&type=code)<br>[socket](https://github.com/search?q=socket&type=code) |
+| MEDIUM | [net/socket/raw](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/raw.yara#raw_sockets) | [send raw and/or malformed IP packets](https://man7.org/linux/man-pages/man7/raw.7.html) | [makePacket](https://github.com/search?q=makePacket&type=code) |
+| MEDIUM | [net/tcp/connect](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/connect.yara#connect_tcp) | connects to a TCP port | [dialTCP](https://github.com/search?q=dialTCP&type=code) |
+| MEDIUM | [net/tcp/sftp](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/sftp.yara#sftp) | Supports sftp (FTP over SSH) | [sftp](https://github.com/search?q=sftp&type=code)<br>[sshFxpWritePacket](https://github.com/search?q=sshFxpWritePacket&type=code) |
+| MEDIUM | [net/tcp/ssh](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/ssh.yara#ssh) | Uses crypto/ssh to connect to the SSH (secure shell) service | [SSH](https://github.com/search?q=SSH&type=code) |
+| MEDIUM | [net/url/encode](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/encode.yara#url_encode) | encodes URL, likely to pass GET variables | [urlencode](https://github.com/search?q=urlencode&type=code) |
+| MEDIUM | [net/url/request](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/request.yara#requests_urls) | requests resources via URL | [http.request](https://github.com/search?q=http.request&type=code)<br>[net/url](https://github.com/search?q=net%2Furl&type=code) |
+| MEDIUM | [persist/cron/tab](https://github.com/chainguard-dev/malcontent/blob/main/rules/persist/cron/tab.yara#crontab_support) | lists crontab entries, may also persist | [crontab](https://github.com/search?q=crontab&type=code) |
+| MEDIUM | [persist/pid_file](https://github.com/chainguard-dev/malcontent/blob/main/rules/persist/pid_file.yara#pid_file) | pid file, likely DIY daemon | [/shirou/gopsutil/v3/process.pid](https://github.com/search?q=%2Fshirou%2Fgopsutil%2Fv3%2Fprocess.pid&type=code)<br>[PidFile](https://github.com/search?q=PidFile&type=code) |
+| MEDIUM | [privesc/sudo](https://github.com/chainguard-dev/malcontent/blob/main/rules/privesc/sudo.yara#sudo) | calls sudo | [sudo chmod u](https://github.com/search?q=sudo+chmod+u&type=code)<br>[sudo chown -R %s %s](https://github.com/search?q=sudo+chown+-R+%25s+%25s&type=code)<br>[sudo chown -R %s.](https://github.com/search?q=sudo+chown+-R+%25s.&type=code)<br>[sudo setcap cap_net_bind_service](https://github.com/search?q=sudo+setcap+cap_net_bind_service&type=code) |
+| MEDIUM | [sus/exclamation](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/exclamation.yara#exclamations) | gets very excited | [Call with too many input arguments!!](https://github.com/search?q=Call+with+too+many+input+arguments%21%21&type=code)<br>[Unable to initialize template writer!!](https://github.com/search?q=Unable+to+initialize+template+writer%21%21&type=code)<br>[WARNING!!](https://github.com/search?q=WARNING%21%21&type=code)<br>[could live with !!](https://github.com/search?q=could+live+with+%21%21&type=code)<br>[export default !!](https://github.com/search?q=export+default+%21%21&type=code)<br>[n !!](https://github.com/search?q=n++++++++%21%21&type=code)<br>[n return !!](https://github.com/search?q=n++++++++return+%21%21&type=code)<br>[n !!](https://github.com/search?q=n++++++%21%21&type=code)<br>[n !!](https://github.com/search?q=n++++%21%21&type=code)<br>[n return !!](https://github.com/search?q=n++++return+%21%21&type=code)<br>[n return !!](https://github.com/search?q=n++return+%21%21&type=code)<br>[ontain alphanumerical characters onlyexplicitly tagged !!](https://github.com/search?q=ontain+alphanumerical+characters+onlyexplicitly+tagged+%21%21&type=code)<br>[we should never receive this!!!](https://github.com/search?q=we+should+never+receive+this%21%21%21&type=code) |
+| MEDIUM | [sus/intercept](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/intercept.yara#interceptor) | References interception | [interceptIO](https://github.com/search?q=interceptIO&type=code)<br>[intercepted](https://github.com/search?q=intercepted&type=code)<br>[intercepting](https://github.com/search?q=intercepting&type=code)<br>[interceptors](https://github.com/search?q=interceptors&type=code) |
+| MEDIUM | [sus/leetspeak](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/leetspeak.yara#one_three_three_seven) | References 1337 terminology' | [1337](https://github.com/search?q=1337&type=code) |
+| MEDIUM | [sus/malicious](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/malicious.yara#malicious) | References 'malicious' | [bottleneck for malicious stuff](https://github.com/search?q=bottleneck+for+malicious+stuff&type=code) |
+| LOW | [c2/tool_transfer/arch](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/arch.yara#arch_ref) | references a specific architecture | [AMD64](https://github.com/search?q=AMD64&type=code)<br>[amd64](https://github.com/search?q=amd64&type=code)<br>[arm64](https://github.com/search?q=arm64&type=code)<br>[http://](http://)<br>[https://](https://)<br>[x86_64](https://github.com/search?q=x86_64&type=code) |
+| LOW | [credential/password](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/password/password.yara#password) | references a 'password' | [AccountChangePasswordHandlerFunc](https://github.com/search?q=AccountChangePasswordHandlerFunc&type=code)<br>[AccountChangePasswordHandleruser](https://github.com/search?q=AccountChangePasswordHandleruser&type=code)<br>[AccountChangePasswordParams](https://github.com/search?q=AccountChangePasswordParams&type=code)<br>[AccountChangePasswordRequest](https://github.com/search?q=AccountChangePasswordRequest&type=code)<br>[AcroFormPasswordField](https://github.com/search?q=AcroFormPasswordField&type=code)<br>[AllowCleartextPasswords](https://github.com/search?q=AllowCleartextPasswords&type=code)<br>[AllowEmptyPassword](https://github.com/search?q=AllowEmptyPassword&type=code)<br>[AllowNativePasswords](https://github.com/search?q=AllowNativePasswords&type=code)<br>[AllowOldPasswords](https://github.com/search?q=AllowOldPasswords&type=code)<br>[Also called as password](https://github.com/search?q=Also+called+as+password&type=code)<br>[Attribute SyntaxPassword must be changed](https://github.com/search?q=Attribute+SyntaxPassword+must+be+changed&type=code)<br>[AuthUserChangePasswordRequestproto](https://github.com/search?q=AuthUserChangePasswordRequestproto&type=code)<br>[AuthUserChangePasswordResponseproto](https://github.com/search?q=AuthUserChangePasswordResponseproto&type=code)<br>[AuthUserChangePasswordproto](https://github.com/search?q=AuthUserChangePasswordproto&type=code)<br>[BadPasswordCount](https://github.com/search?q=BadPasswordCount&type=code)<br>[Change Password for](https://github.com/search?q=Change+Password+for&type=code)<br>[Change User Password Icon](https://github.com/search?q=Change+User+Password+Icon&type=code)<br>[Change password for](https://github.com/search?q=Change+password+for&type=code)<br>[ChangeUserPasswordCreated](https://github.com/search?q=ChangeUserPasswordCreated&type=code)<br>[ChangeUserPasswordHandlerFunc](https://github.com/search?q=ChangeUserPasswordHandlerFunc&type=code)<br>[ChangeUserPasswordModal from](https://github.com/search?q=ChangeUserPasswordModal+from&type=code)<br>[ChangeUserPasswordParams](https://github.com/search?q=ChangeUserPasswordParams&type=code)<br>[ChangeUserPasswordRequest](https://github.com/search?q=ChangeUserPasswordRequest&type=code)<br>[Change_User_Password_Icon](https://github.com/search?q=Change_User_Password_Icon&type=code)<br>[ControlVChuPasswordMustChange](https://github.com/search?q=ControlVChuPasswordMustChange&type=code)<br>[ControlVChuPasswordWarning](https://github.com/search?q=ControlVChuPasswordWarning&type=code)<br>[Current Password](https://github.com/search?q=Current+Password&type=code)<br>[ERR_KEY_EXPIRED Password has expired](https://github.com/search?q=ERR_KEY_EXPIRED+Password+has+expired&type=code)<br>[Enter LDAP Password](https://github.com/search?q=Enter+LDAP+Password&type=code)<br>[Enter NATS password](https://github.com/search?q=Enter+NATS+password&type=code)<br>[Enter Password](https://github.com/search?q=Enter+Password&type=code)<br>[Enter SASL Password](https://github.com/search?q=Enter+SASL+Password&type=code)<br>[For decrypting password-protected PDFs](https://github.com/search?q=For+decrypting+password-protected+PDFs&type=code)<br>[GetHashedPassword](https://github.com/search?q=GetHashedPassword&type=code)<br>[GetKeyFromPassword](https://github.com/search?q=GetKeyFromPassword&type=code)<br>[GetPassword](https://github.com/search?q=GetPassword&type=code)<br>[HasPassword](https://github.com/search?q=HasPassword&type=code)<br>[HashedPasswordQprotobuf](https://github.com/search?q=HashedPasswordQprotobuf&type=code)<br>[IChangePasswordProps](https://github.com/search?q=IChangePasswordProps&type=code)<br>[IChangeUserPasswordProps](https://github.com/search?q=IChangeUserPasswordProps&type=code)<br>[Incorrect Password](https://github.com/search?q=Incorrect+Password&type=code)<br>[Invalid password](https://github.com/search?q=Invalid+password&type=code)<br>[LDAPPassword](https://github.com/search?q=LDAPPassword&type=code)<br>[Lookup Bind Password is required](https://github.com/search?q=Lookup+Bind+Password+is+required&type=code)<br>[LookupBindPassword](https://github.com/search?q=LookupBindPassword&type=code)<br>[MQTT password](https://github.com/search?q=MQTT+password&type=code)<br>[New passwords don](https://github.com/search?q=New+passwords+don&type=code)<br>[NewAccountChangePasswordDefault](https://github.com/search?q=NewAccountChangePasswordDefault&type=code)<br>[NewChangeUserPasswordDefault](https://github.com/search?q=NewChangeUserPasswordDefault&type=code)<br>[NewControlBeheraPasswordPolicy](https://github.com/search?q=NewControlBeheraPasswordPolicy&type=code)<br>[NewWithPassword](https://github.com/search?q=NewWithPassword&type=code)<br>[No password given](https://github.com/search?q=No+password+given&type=code)<br>[Password for SASL](https://github.com/search?q=Password+for+SASL&type=code)<br>[Password from](https://github.com/search?q=Password+from&type=code)<br>[Password string](https://github.com/search?q=Password+string&type=code)<br>[PasswordCallback](https://github.com/search?q=PasswordCallback&type=code)<br>[PasswordCanChange](https://github.com/search?q=PasswordCanChange&type=code)<br>[PasswordCredentialsToken](https://github.com/search?q=PasswordCredentialsToken&type=code)<br>[PasswordEprotobuf](https://github.com/search?q=PasswordEprotobuf&type=code)<br>[PasswordFlag](https://github.com/search?q=PasswordFlag&type=code)<br>[PasswordLastSet](https://github.com/search?q=PasswordLastSet&type=code)<br>[PasswordModify](https://github.com/search?q=PasswordModify&type=code)<br>[ReadPassword](https://github.com/search?q=ReadPassword&type=code)<br>[Redis server password](https://github.com/search?q=Redis+server+password&type=code)<br>[SASLprepping password](https://github.com/search?q=SASLprepping+password&type=code)<br>[SecurityChangePasswordRequest](https://github.com/search?q=SecurityChangePasswordRequest&type=code)<br>[SetPassword](https://github.com/search?q=SetPassword&type=code)<br>[TLS passwordkey](https://github.com/search?q=TLS+passwordkey&type=code)<br>[Type New Password Again](https://github.com/search?q=Type+New+Password+Again&type=code)<br>[UserChangePasswordgrpc](https://github.com/search?q=UserChangePasswordgrpc&type=code)<br>[_passwordCapability](https://github.com/search?q=_passwordCapability&type=code)<br>[a wrong or no password was provided](https://github.com/search?q=a+wrong+or+no+password+was+provided&type=code)<br>[accountChangePasswordRequest](https://github.com/search?q=accountChangePasswordRequest&type=code)<br>[account_change_password_parameters](https://github.com/search?q=account_change_password_parameters&type=code)<br>[account_change_password_request](https://github.com/search?q=account_change_password_request&type=code)<br>[account_change_password_responses](https://github.com/search?q=account_change_password_responses&type=code)<br>[allowCleartextPasswords](https://github.com/search?q=allowCleartextPasswords&type=code)<br>[allowOldPasswords](https://github.com/search?q=allowOldPasswords&type=code)<br>[and root password](https://github.com/search?q=and+root+password&type=code)<br>[authUserChangePassword](https://github.com/search?q=authUserChangePassword&type=code)<br>[authenticationpassword for SASL](https://github.com/search?q=authenticationpassword+for+SASL&type=code)<br>[bind_passwordmalformed JWK EC](https://github.com/search?q=bind_passwordmalformed+JWK+EC&type=code)<br>[bson bytes as Passwordproducer](https://github.com/search?q=bson+bytes+as+Passwordproducer&type=code)<br>[but a non-empty password was provided](https://github.com/search?q=but+a+non-empty+password+was+provided&type=code)<br>[change-password](https://github.com/search?q=change-password&type=code)<br>[change-user-password](https://github.com/search?q=change-user-password&type=code)<br>[changePasswordModalOpen](https://github.com/search?q=changePasswordModalOpen&type=code)<br>[changeUserPasswordModalOpen](https://github.com/search?q=changeUserPasswordModalOpen&type=code)<br>[changeUserPasswordRequest](https://github.com/search?q=changeUserPasswordRequest&type=code)<br>[change_user_password_parameters](https://github.com/search?q=change_user_password_parameters&type=code)<br>[change_user_password_request](https://github.com/search?q=change_user_password_request&type=code)<br>[change_user_password_responses](https://github.com/search?q=change_user_password_responses&type=code)<br>[changed to Password ok](https://github.com/search?q=changed+to+Password+ok&type=code)<br>[checkOwnerPassword](https://github.com/search?q=checkOwnerPassword&type=code)<br>[checkUserPassword](https://github.com/search?q=checkUserPassword&type=code)<br>[const changeUserPassword](https://github.com/search?q=const+changeUserPassword&type=code)<br>[const updatePassword](https://github.com/search?q=const+updatePassword&type=code)<br>[current-password](https://github.com/search?q=current-password&type=code)<br>[currentPassword](https://github.com/search?q=currentPassword&type=code)<br>[d for field NoPasswordproto](https://github.com/search?q=d+for+field+NoPasswordproto&type=code)<br>[d for field Passwordproto](https://github.com/search?q=d+for+field+Passwordproto&type=code)<br>[default ChangePassword](https://github.com/search?q=default+ChangePassword&type=code)<br>[deleteIncorrect password](https://github.com/search?q=deleteIncorrect+password&type=code)<br>[during onPassword callback](https://github.com/search?q=during+onPassword+callback&type=code)<br>[e instanceof PasswordException](https://github.com/search?q=e+instanceof+PasswordException&type=code)<br>[encoded password](https://github.com/search?q=encoded+password&type=code)<br>[encryptPassword](https://github.com/search?q=encryptPassword&type=code)<br>[end of groupPassword Policy - Behera](https://github.com/search?q=end+of+groupPassword+Policy+-+Behera&type=code)<br>[for field HashedPasswordgrpc](https://github.com/search?q=for+field+HashedPasswordgrpc&type=code)<br>[get password](https://github.com/search?q=get+password&type=code)<br>[getChangePasswordResponse](https://github.com/search?q=getChangePasswordResponse&type=code)<br>[getChangeUserPasswordResponse](https://github.com/search?q=getChangeUserPasswordResponse&type=code)<br>[hashedPassword](https://github.com/search?q=hashedPassword&type=code)<br>[in list of old passwordsldap](https://github.com/search?q=in+list+of+old+passwordsldap&type=code)<br>[key from password](https://github.com/search?q=key+from+password&type=code)<br>[link PasswordResponses](https://github.com/search?q=link+PasswordResponses&type=code)<br>[lookupBindPassword](https://github.com/search?q=lookupBindPassword&type=code)<br>[mypassword](https://github.com/search?q=mypassword&type=code)<br>[n setPassword](https://github.com/search?q=n++++++++++++setPassword&type=code)<br>[n PasswordKeyIcon](https://github.com/search?q=n++++++++++PasswordKeyIcon&type=code)<br>[n new PasswordException](https://github.com/search?q=n++++++++++new+PasswordException&type=code)<br>[n case PasswordResponses](https://github.com/search?q=n++++++++case+PasswordResponses&type=code)<br>[n setNewPassword](https://github.com/search?q=n++++++++setNewPassword&type=code)<br>[n password](https://github.com/search?q=n++++++password&type=code)<br>[n setPassword](https://github.com/search?q=n++++++setPassword&type=code)<br>[n changeUserPassword](https://github.com/search?q=n++++changeUserPassword&type=code)<br>[n password](https://github.com/search?q=n++++password&type=code)<br>[n setPassword](https://github.com/search?q=n++++setPassword&type=code)<br>[n setSubnetPassword](https://github.com/search?q=n++++setSubnetPassword&type=code)<br>[n ChangePasswordIcon](https://github.com/search?q=n++ChangePasswordIcon&type=code)<br>[n PasswordException](https://github.com/search?q=n++PasswordException&type=code)<br>[n PasswordKeyIcon](https://github.com/search?q=n++PasswordKeyIcon&type=code)<br>[n PasswordResponses](https://github.com/search?q=n++PasswordResponses&type=code)<br>[n const changePassword](https://github.com/search?q=n++const+changePassword&type=code)<br>[n const password](https://github.com/search?q=n++const+password&type=code)<br>[n const subnetPassword](https://github.com/search?q=n++const+subnetPassword&type=code)<br>[n lookup_bind_password](https://github.com/search?q=n++lookup_bind_password&type=code)<br>[n password](https://github.com/search?q=n++password&type=code)<br>[n setSubnetPassword](https://github.com/search?q=n++setSubnetPassword&type=code)<br>[n subnetPassword](https://github.com/search?q=n++subnetPassword&type=code)<br>[name ChangeUserPassword](https://github.com/search?q=name+ChangeUserPassword&type=code)<br>[native_passwordinvalid dbname](https://github.com/search?q=native_passwordinvalid+dbname&type=code)<br>[nconst ChangePassword](https://github.com/search?q=nconst+ChangePassword&type=code)<br>[nconst PasswordResponses](https://github.com/search?q=nconst+PasswordResponses&type=code)<br>[nconst PasswordSelector](https://github.com/search?q=nconst+PasswordSelector&type=code)<br>[nconst defaultOnPassword](https://github.com/search?q=nconst+defaultOnPassword&type=code)<br>[newPassword](https://github.com/search?q=newPassword&type=code)<br>[newpassword](https://github.com/search?q=newpassword&type=code)<br>[nexport default PasswordResponses](https://github.com/search?q=nexport+default+PasswordResponses&type=code)<br>[nexport default PasswordSelector](https://github.com/search?q=nexport+default+PasswordSelector&type=code)<br>[nimport ChangePasswordModal from](https://github.com/search?q=nimport+ChangePasswordModal+from&type=code)<br>[nimport PasswordResponses from](https://github.com/search?q=nimport+PasswordResponses+from&type=code)<br>[nimport PasswordSelector from](https://github.com/search?q=nimport+PasswordSelector+from&type=code)<br>[noPassword](https://github.com/search?q=noPassword&type=code)<br>[no_password](https://github.com/search?q=no_password&type=code)<br>[note your new password down](https://github.com/search?q=note+your+new+password+down&type=code)<br>[order to change passwordssh](https://github.com/search?q=order+to+change+passwordssh&type=code)<br>[password requiredtls](https://github.com/search?q=password+requiredtls&type=code)<br>[password sslmode](https://github.com/search?q=password+sslmode&type=code)<br>[passwordChar](https://github.com/search?q=passwordChar&type=code)<br>[passwordReader](https://github.com/search?q=passwordReader&type=code)<br>[passwordSet](https://github.com/search?q=passwordSet&type=code)<br>[passwordset to](https://github.com/search?q=passwordset+to&type=code)<br>[postgres password](https://github.com/search?q=postgres+password&type=code)<br>[qunexpected password response](https://github.com/search?q=qunexpected+password+response&type=code)<br>[re-new-password](https://github.com/search?q=re-new-password&type=code)<br>[reNewPassword](https://github.com/search?q=reNewPassword&type=code)<br>[readPasswordLine](https://github.com/search?q=readPasswordLine&type=code)<br>[requires old password authentication](https://github.com/search?q=requires+old+password+authentication&type=code)<br>[return new PasswordEdit](https://github.com/search?q=return+new+PasswordEdit&type=code)<br>[return new PasswordException](https://github.com/search?q=return+new+PasswordException&type=code)<br>[rootPassword](https://github.com/search?q=rootPassword&type=code)<br>[saltPassword](https://github.com/search?q=saltPassword&type=code)<br>[saltedPassword](https://github.com/search?q=saltedPassword&type=code)<br>[sasl_password](https://github.com/search?q=sasl_password&type=code)<br>[save-password-modal](https://github.com/search?q=save-password-modal&type=code)<br>[save-user-password](https://github.com/search?q=save-user-password&type=code)<br>[scrambleOldPassword](https://github.com/search?q=scrambleOldPassword&type=code)<br>[scramblePassword](https://github.com/search?q=scramblePassword&type=code)<br>[sendEncryptedPassword](https://github.com/search?q=sendEncryptedPassword&type=code)<br>[setChangePasswordModalOpen](https://github.com/search?q=setChangePasswordModalOpen&type=code)<br>[setChangeUserPasswordModalOpen](https://github.com/search?q=setChangeUserPasswordModalOpen&type=code)<br>[setCurrentPassword](https://github.com/search?q=setCurrentPassword&type=code)<br>[setReNewPassword](https://github.com/search?q=setReNewPassword&type=code)<br>[socksUsernamePassword](https://github.com/search?q=socksUsernamePassword&type=code)<br>[sshPasswordAuth](https://github.com/search?q=sshPasswordAuth&type=code)<br>[static passwordEdit](https://github.com/search?q=static+passwordEdit&type=code)<br>[stripPassword](https://github.com/search?q=stripPassword&type=code)<br>[subnet-password](https://github.com/search?q=subnet-password&type=code)<br>[t Passwordflag](https://github.com/search?q=t+Passwordflag&type=code)<br>[the provided passwordRole Policy](https://github.com/search?q=the+provided+passwordRole+Policy&type=code)<br>[throw new PasswordException](https://github.com/search?q=throw+new+PasswordException&type=code)<br>[updated the password for the user](https://github.com/search?q=updated+the+password+for+the+user&type=code)<br>[user ID or passwordetcdserver](https://github.com/search?q=user+ID+or+passwordetcdserver&type=code)<br>[user name or passwordnkeys](https://github.com/search?q=user+name+or+passwordnkeys&type=code)<br>[user_change_password](https://github.com/search?q=user_change_password&type=code)<br>[valid or client password](https://github.com/search?q=valid+or+client+password&type=code)<br>[with the new password](https://github.com/search?q=with+the+new+password&type=code)<br>[your Console password](https://github.com/search?q=your+Console+password&type=code)<br>[your current passwordduration can](https://github.com/search?q=your+current+passwordduration+can&type=code) |
+| LOW | [credential/ssl/private_key](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/ssl/private_key.yara#private_key_val) | References private keys | [PRIVATE_KEY](https://github.com/search?q=PRIVATE_KEY&type=code)<br>[privateKey](https://github.com/search?q=privateKey&type=code)<br>[private_key](https://github.com/search?q=private_key&type=code) |
+| LOW | [crypto/aes](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/aes.yara#crypto_aes) | Supports AES (Advanced Encryption Standard) | [AES](https://github.com/search?q=AES&type=code)<br>[crypto/aes](https://github.com/search?q=crypto%2Faes&type=code) |
+| LOW | [crypto/decrypt](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/decrypt.yara#decrypt) | decrypts data | [BuildKeyDecrypter](https://github.com/search?q=BuildKeyDecrypter&type=code)<br>[DES3DecryptData](https://github.com/search?q=DES3DecryptData&type=code)<br>[DES3DecryptMessage](https://github.com/search?q=DES3DecryptMessage&type=code)<br>[DecryptArgs](https://github.com/search?q=DecryptArgs&type=code)<br>[DecryptBlocksReader](https://github.com/search?q=DecryptBlocksReader&type=code)<br>[DecryptBlocksRequestR](https://github.com/search?q=DecryptBlocksRequestR&type=code)<br>[DecryptBuffer](https://github.com/search?q=DecryptBuffer&type=code)<br>[DecryptBytes](https://github.com/search?q=DecryptBytes&type=code)<br>[DecryptCopyRequestR](https://github.com/search?q=DecryptCopyRequestR&type=code)<br>[DecryptETags](https://github.com/search?q=DecryptETags&type=code)<br>[DecryptEncPart](https://github.com/search?q=DecryptEncPart&type=code)<br>[DecryptKey](https://github.com/search?q=DecryptKey&type=code)<br>[DecryptOAEP](https://github.com/search?q=DecryptOAEP&type=code)<br>[DecryptObjectInfo](https://github.com/search?q=DecryptObjectInfo&type=code)<br>[DecryptPEMBlock](https://github.com/search?q=DecryptPEMBlock&type=code)<br>[DecryptPKCS1v15SessionK](https://github.com/search?q=DecryptPKCS1v15SessionK&type=code)<br>[DecryptParameters](https://github.com/search?q=DecryptParameters&type=code)<br>[DecryptReaderAt](https://github.com/search?q=DecryptReaderAt&type=code)<br>[DecryptRequestWithSeque](https://github.com/search?q=DecryptRequestWithSeque&type=code)<br>[DecryptResponse](https://github.com/search?q=DecryptResponse&type=code)<br>[DecryptTicket](https://github.com/search?q=DecryptTicket&type=code)<br>[DecryptToken](https://github.com/search?q=DecryptToken&type=code)<br>[DecryptWriter](https://github.com/search?q=DecryptWriter&type=code)<br>[DecryptedEncPart](https://github.com/search?q=DecryptedEncPart&type=code)<br>[DecryptedSize](https://github.com/search?q=DecryptedSize&type=code)<br>[DecrypterNumber of byte](https://github.com/search?q=DecrypterNumber+of+byte&type=code)<br>[DecrypterOpts](https://github.com/search?q=DecrypterOpts&type=code)<br>[Decryptintegrity checks](https://github.com/search?q=Decryptintegrity+checks&type=code)<br>[DecryptionErr json](https://github.com/search?q=DecryptionErr+json&type=code)<br>[DecryptionFailedinvalid](https://github.com/search?q=DecryptionFailedinvalid&type=code)<br>[Encrypting_ErrorDecrypting_ErrorNetwork](https://github.com/search?q=Encrypting_ErrorDecrypting_ErrorNetwork&type=code)<br>[GetDecryptedRange](https://github.com/search?q=GetDecryptedRange&type=code)<br>[Inspect Decryption Key](https://github.com/search?q=Inspect+Decryption+Key&type=code)<br>[NewCBCDecrypter](https://github.com/search?q=NewCBCDecrypter&type=code)<br>[NewDecrypter](https://github.com/search?q=NewDecrypter&type=code)<br>[NewECDHESDecrypt](https://github.com/search?q=NewECDHESDecrypt&type=code)<br>[NewRSAOAEPDecrypt](https://github.com/search?q=NewRSAOAEPDecrypt&type=code)<br>[NewRSAPKCS15Decrypt](https://github.com/search?q=NewRSAPKCS15Decrypt&type=code)<br>[NoDecryption](https://github.com/search?q=NoDecryption&type=code)<br>[PKCS1v15DecryptOptions](https://github.com/search?q=PKCS1v15DecryptOptions&type=code)<br>[arse buffer for Decryptfailed to marsha](https://github.com/search?q=arse+buffer+for+Decryptfailed+to+marsha&type=code)<br>[buildDecrypter](https://github.com/search?q=buildDecrypter&type=code)<br>[cbcDecrypter](https://github.com/search?q=cbcDecrypter&type=code)<br>[cipherTransformDecryptStream](https://github.com/search?q=cipherTransformDecryptStream&type=code)<br>[class DecryptStream extends D](https://github.com/search?q=class+DecryptStream+extends+D&type=code)<br>[compressionIndexDecrypt](https://github.com/search?q=compressionIndexDecrypt&type=code)<br>[doDecryptCtx](https://github.com/search?q=doDecryptCtx&type=code)<br>[errDecryptionFailed](https://github.com/search?q=errDecryptionFailed&type=code)<br>[getDecryptedETag](https://github.com/search?q=getDecryptedETag&type=code)<br>[gzDecryption key](https://github.com/search?q=gzDecryption+key&type=code)<br>[identDecrypt](https://github.com/search?q=identDecrypt&type=code)<br>[lid options for Decryptx509](https://github.com/search?q=lid+options+for+Decryptx509&type=code)<br>[metadataDecrypter](https://github.com/search?q=metadataDecrypter&type=code)<br>[n setDecryptionKey](https://github.com/search?q=n++++++++setDecryptionKey&type=code)<br>[n setDecryptionKey](https://github.com/search?q=n++++setDecryptionKey&type=code)<br>[newDecryptReaderWithObject](https://github.com/search?q=newDecryptReaderWithObject&type=code)<br>[return new DecryptStream](https://github.com/search?q=return+new+DecryptStream&type=code)<br>[rsaDecryptOk](https://github.com/search?q=rsaDecryptOk&type=code)<br>[stopDecryptionLogMessagePol](https://github.com/search?q=stopDecryptionLogMessagePol&type=code)<br>[tryDecryptETag](https://github.com/search?q=tryDecryptETag&type=code) |
+| LOW | [crypto/ecdsa](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/ecdsa.yara#crypto_ecdsa) | Uses the Go crypto/ecdsa library | [crypto/ecdsa](https://github.com/search?q=crypto%2Fecdsa&type=code) |
+| LOW | [crypto/ed25519](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/ed25519.yara#ed25519) | Elliptic curve algorithm used by TLS and SSH | [ed25519](https://github.com/search?q=ed25519&type=code) |
+| LOW | [crypto/public_key](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/public_key.yara#public_key) | references a 'public key' | [Public-Key](https://github.com/search?q=Public-Key&type=code)<br>[PublicKey](https://github.com/search?q=PublicKey&type=code)<br>[public key](https://github.com/search?q=public+key&type=code)<br>[public-key](https://github.com/search?q=public-key&type=code)<br>[publicKey](https://github.com/search?q=publicKey&type=code)<br>[publickey](https://github.com/search?q=publickey&type=code) |
+| LOW | [crypto/tls](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/tls.yara#tls) | tls | [TLS13](https://github.com/search?q=TLS13&type=code)<br>[TLSVersion](https://github.com/search?q=TLSVersion&type=code)<br>[crypto/tls](https://github.com/search?q=crypto%2Ftls&type=code) |
+| LOW | [data/compression/bzip2](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/bzip2.yara#bzip2) | Works with bzip2 files | [bzip2](https://github.com/search?q=bzip2&type=code) |
+| LOW | [data/compression/gzip](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/gzip.yara#gzip) | [works with gzip files](https://www.gnu.org/software/gzip/) | [gzip](https://github.com/search?q=gzip&type=code) |
+| LOW | [data/compression/zlib](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/zlib.yara#zlib) | uses zlib | [zlib](https://github.com/search?q=zlib&type=code) |
+| LOW | [data/compression/zstd](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/zstd.yara#zstd) | Zstandard: fast real-time compression algorithm | [(µ/ý](https://github.com/search?q=%28%B5%2F%FD&type=code)<br>[zstd](https://github.com/search?q=zstd&type=code) |
+| LOW | [data/embedded/pem_test_key](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/embedded-pem-test_key.yara#testing_key) | Contains TESTING KEY directive | [TESTING KEY--](https://github.com/search?q=TESTING+KEY--&type=code) |
+| LOW | [data/encoding/base64](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/base64.yara#b64) | Supports base64 encoded strings | [base64](https://github.com/search?q=base64&type=code) |
+| LOW | [data/encoding/json](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/json.yara#encoding_json) | Supports JSON encoded objects | [encoding/json](https://github.com/search?q=encoding%2Fjson&type=code) |
+| LOW | [data/encoding/json_decode](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/json-decode.yara#jsondecode) | Decodes JSON messages | [JSON.parse](https://github.com/search?q=JSON.parse&type=code)<br>[JSONDecode](https://github.com/search?q=JSONDecode&type=code)<br>[json.Unmarshal](https://github.com/search?q=json.Unmarshal&type=code) |
+| LOW | [data/encoding/json_encode](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/json-encode.yara#JSONEncode) | encodes JSON | [JSON.stringify](https://github.com/search?q=JSON.stringify&type=code)<br>[JSONEncode](https://github.com/search?q=JSONEncode&type=code) |
+| LOW | [data/hash/blake2b](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/hash/blake2b.yara#crypto_blake2b) | Uses blake2b encryption algorithm | [blake2b](https://github.com/search?q=blake2b&type=code) |
+| LOW | [data/hash/md5](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/hash/md5.yara#MD5) | Uses the MD5 signature format | [md5:copy](https://github.com/search?q=md5%3Acopy&type=code) |
+| LOW | [discover/cloud/aws_metadata](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/cloud/aws-metadata.yara#aws_metadata) | References the AWS EC2 metadata token | [X-aws-ec2-metadata-token](https://github.com/search?q=X-aws-ec2-metadata-token&type=code) |
+| LOW | [discover/cloud/google_metadata](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/cloud/google-metadata.yara#google_metadata) | Includes the token required to use the Google Cloud Platform metadata server | [Metadata-Flavor](https://github.com/search?q=Metadata-Flavor&type=code) |
+| LOW | [discover/cloud/google_storage](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/cloud/google-storage.yara#go_import) | Capable of using Google Cloud Storage (GCS) | [cloud.google.com/go/storage](https://github.com/search?q=cloud.google.com%2Fgo%2Fstorage&type=code) |
+| LOW | [discover/system/cpu](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/cpu.yara#processor_count) | [gets number of processors](https://man7.org/linux/man-pages/man3/get_nprocs.3.html) | [nproc](https://github.com/search?q=nproc&type=code) |
+| LOW | [discover/system/dmesg](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/dmesg.yara#dmesg) | accesses the kernel log ring buffer | [dmesg](https://github.com/search?q=dmesg&type=code) |
+| LOW | [discover/system/hostname](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/hostname.yara#gethostname) | [get computer host name](https://man7.org/linux/man-pages/man2/sethostname.2.html) | [/proc/sys/kernel/hostname](https://github.com/search?q=%2Fproc%2Fsys%2Fkernel%2Fhostname&type=code) |
+| LOW | [discover/user/HOME](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/user/HOME.yara#HOME) | [Looks up the HOME directory for the current user](https://man.openbsd.org/login.1#ENVIRONMENT) | [HOME](https://github.com/search?q=HOME&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code) |
+| LOW | [discover/user/USER](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/user/USER.yara#USER) | [Looks up the USER name of the current user](https://man.openbsd.org/login.1#ENVIRONMENT) | [ENV](https://github.com/search?q=ENV&type=code)<br>[USER](https://github.com/search?q=USER&type=code)<br>[environ](https://github.com/search?q=environ&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code) |
+| LOW | [evasion/logging/acct](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/logging/acct.yara#acct) | switch process accounting on or off | [acct](https://github.com/search?q=acct&type=code) |
+| LOW | [exec/conditional/LANG](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/conditional/LANG.yara#LANG_getenv) | Looks up language of current user | [LANG](https://github.com/search?q=LANG&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code) |
+| LOW | [exec/plugin](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/plugin/plugin.yara#plugin) | references a 'plugin' | [CatPluginsRequest](https://github.com/search?q=CatPluginsRequest&type=code)<br>[Expected a list of plugins](https://github.com/search?q=Expected+a+list+of+plugins&type=code)<br>[Further plugins run on](https://github.com/search?q=Further+plugins+run+on&type=code)<br>[InitPluginsDir](https://github.com/search?q=InitPluginsDir&type=code)<br>[K extends keyof Plugins](https://github.com/search?q=K+extends+keyof+Plugins&type=code)<br>[Nodes created by plugins do not](https://github.com/search?q=Nodes+created+by+plugins+do+not&type=code)<br>[Patches plugin](https://github.com/search?q=Patches+plugin&type=code)<br>[Plugin options](https://github.com/search?q=Plugin+options&type=code)<br>[PluginEnable](https://github.com/search?q=PluginEnable&type=code)<br>[PluginUnload](https://github.com/search?q=PluginUnload&type=code)<br>[Set plugin](https://github.com/search?q=Set+plugin&type=code)<br>[The plugin for](https://github.com/search?q=The+plugin+for&type=code)<br>[To enable the plugin](https://github.com/search?q=To+enable+the+plugin&type=code)<br>[acroformPlugin](https://github.com/search?q=acroformPlugin&type=code)<br>[addplugindir](https://github.com/search?q=addplugindir&type=code)<br>[and rehype plugins](https://github.com/search?q=and+rehype+plugins&type=code)<br>[assert we have the plugin](https://github.com/search?q=assert+we+have+the+plugin&type=code)<br>[at build time via a babel plugin in](https://github.com/search?q=at+build+time+via+a+babel+plugin+in&type=code)<br>[const selfReferenceReplacementPlugin](https://github.com/search?q=const+selfReferenceReplacementPlugin&type=code)<br>[dependGlobalAuthNPlugin](https://github.com/search?q=dependGlobalAuthNPlugin&type=code)<br>[enableAllPlugins](https://github.com/search?q=enableAllPlugins&type=code)<br>[further with use of the babel plugin](https://github.com/search?q=further+with+use+of+the+babel+plugin&type=code)<br>[goal is for them to be set by plugins on](https://github.com/search?q=goal+is+for+them+to+be+set+by+plugins+on&type=code)<br>[hNPluginL](https://github.com/search?q=hNPluginL&type=code)<br>[hungarian_ciunknown auth plugin](https://github.com/search?q=hungarian_ciunknown+auth+plugin&type=code)<br>[invloadplugins](https://github.com/search?q=invloadplugins&type=code)<br>[jsPDF addImage plugin](https://github.com/search?q=jsPDF+addImage+plugin&type=code)<br>[jsPDF fromHTML plugin](https://github.com/search?q=jsPDF+fromHTML+plugin&type=code)<br>[jsPDF standard_fonts_metrics plugin](https://github.com/search?q=jsPDF+standard_fonts_metrics+plugin&type=code)<br>[n addPlugin](https://github.com/search?q=n++++++++++addPlugin&type=code)<br>[n addPlugin](https://github.com/search?q=n++++++++addPlugin&type=code)<br>[n plugins](https://github.com/search?q=n++++++++plugins&type=code)<br>[n addPlugin](https://github.com/search?q=n++++++addPlugin&type=code)<br>[n function addPlugin](https://github.com/search?q=n++++function+addPlugin&type=code)<br>[n astPlugins](https://github.com/search?q=n++astPlugins&type=code)<br>[n const parseRulesPlugin](https://github.com/search?q=n++const+parseRulesPlugin&type=code)<br>[n const returnRulesPlugin](https://github.com/search?q=n++const+returnRulesPlugin&type=code)<br>[n plugins](https://github.com/search?q=n++plugins&type=code)<br>[n rehypePlugins](https://github.com/search?q=n++rehypePlugins&type=code)<br>[n remarkPlugins](https://github.com/search?q=n++remarkPlugins&type=code)<br>[n stylisPlugins](https://github.com/search?q=n++stylisPlugins&type=code)<br>[nconst plugins](https://github.com/search?q=nconst+plugins&type=code)<br>[newCatPluginsFunc](https://github.com/search?q=newCatPluginsFunc&type=code)<br>[newGlobalAuthNPluginFn](https://github.com/search?q=newGlobalAuthNPluginFn&type=code)<br>[newGlobalAuthZPluginFn](https://github.com/search?q=newGlobalAuthZPluginFn&type=code)<br>[nexport function getPlugin](https://github.com/search?q=nexport+function+getPlugin&type=code)<br>[nexport function loadPlugin](https://github.com/search?q=nexport+function+loadPlugin&type=code)<br>[nimport insertRulePlugin from](https://github.com/search?q=nimport+insertRulePlugin+from&type=code)<br>[noloadplugins](https://github.com/search?q=noloadplugins&type=code)<br>[not use requested auth plugin](https://github.com/search?q=not+use+requested+auth+plugin&type=code)<br>[ntype Plugins](https://github.com/search?q=ntype+Plugins&type=code)<br>[of state to be passed to plugins](https://github.com/search?q=of+state+to+be+passed+to+plugins&type=code)<br>[please ensure that a plugin for](https://github.com/search?q=please+ensure+that+a+plugin+for&type=code)<br>[pluginGobDecoder](https://github.com/search?q=pluginGobDecoder&type=code)<br>[pluginapplication](https://github.com/search?q=pluginapplication&type=code)<br>[pluginextension](https://github.com/search?q=pluginextension&type=code)<br>[pluginpath](https://github.com/search?q=pluginpath&type=code)<br>[pluginsH](https://github.com/search?q=pluginsH&type=code)<br>[policy_plugin](https://github.com/search?q=policy_plugin&type=code)<br>[remarkplugins](https://github.com/search?q=remarkplugins&type=code)<br>[setGlobalAuthNPlugin](https://github.com/search?q=setGlobalAuthNPlugin&type=code)<br>[setGlobalAuthZPlugin](https://github.com/search?q=setGlobalAuthZPlugin&type=code)<br>[setPlugins](https://github.com/search?q=setPlugins&type=code)<br>[supplied stylis plugins are in](https://github.com/search?q=supplied+stylis+plugins+are+in&type=code)<br>[tconst plugin](https://github.com/search?q=tconst+plugin&type=code)<br>[tgetPlugin](https://github.com/search?q=tgetPlugin&type=code)<br>[that means rehype plugins can be](https://github.com/search?q=that+means+rehype+plugins+can+be&type=code)<br>[tloadPlugin](https://github.com/search?q=tloadPlugin&type=code)<br>[to generate ARN from the plugin config](https://github.com/search?q=to+generate+ARN+from+the+plugin+config&type=code)<br>[tpluginKey](https://github.com/search?q=tpluginKey&type=code)<br>[treturn plugin](https://github.com/search?q=treturn+plugin&type=code)<br>[typedef PluginOptions](https://github.com/search?q=typedef+PluginOptions&type=code)<br>[typeof plugins](https://github.com/search?q=typeof+plugins&type=code)<br>[valueUnable to initialize AuthNPlugin](https://github.com/search?q=valueUnable+to+initialize+AuthNPlugin&type=code)<br>[wUnable to initialize AuthZPlugin](https://github.com/search?q=wUnable+to+initialize+AuthZPlugin&type=code) |
+| LOW | [exec/shell/SHELL](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/SHELL.yara#SHELL) | [path to active shell](https://man.openbsd.org/login.1#ENVIRONMENT) | [SHELL](https://github.com/search?q=SHELL&type=code) |
+| LOW | [exec/shell/TERM](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/TERM.yara#TERM) | [Look up or override terminal settings](https://www.gnu.org/software/gettext/manual/html_node/The-TERM-variable.html) | [TERM](https://github.com/search?q=TERM&type=code) |
+| LOW | [exec/system_controls/systemd](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/system_controls/systemd.yara#ref_systemd) | makes references to systemd | [systemd](https://github.com/search?q=systemd&type=code) |
+| LOW | [fs/directory/create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/directory/directory-create.yara#mkdir) | [creates directories](https://man7.org/linux/man-pages/man2/mkdir.2.html) | [mkdir](https://github.com/search?q=mkdir&type=code) |
+| LOW | [fs/directory/list](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/directory/directory-list.yara#GoReadDir) | Uses Go functions to list a directory | [.ReadDir](https://github.com/search?q=.ReadDir&type=code) |
+| LOW | [fs/directory/remove](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/directory/directory-remove.yara#rmdir) | Uses libc functions to remove directories | [Rmdir](https://github.com/search?q=Rmdir&type=code)<br>[rmdir](https://github.com/search?q=rmdir&type=code) |
+| LOW | [fs/fifo_create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/fifo-create.yara#mkfifo) | make a FIFO special file (a named pipe) | [mkfifo](https://github.com/search?q=mkfifo&type=code) |
+| LOW | [fs/file/capabilities_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-capabilities-set.yara#setfcap) | [Set file capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) | [setcap](https://github.com/search?q=setcap&type=code) |
+| LOW | [fs/file/delete_forcibly](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-delete-forcibly.yara#rm_force) | Forcibly deletes files | [rm - Transformation matrix.](https://github.com/search?q=rm+-+Transformation+matrix.&type=code) |
+| LOW | [fs/file/open](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-open.yara#py_open) | opens files | [open(](https://github.com/search?q=open%28&type=code) |
+| LOW | [fs/file/read](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-read.yara#go_file_read) | reads files | [ReadFile](https://github.com/search?q=ReadFile&type=code)<br>[os.(*File).Read](https://github.com/search?q=os.%28%2AFile%29.Read&type=code) |
+| LOW | [fs/file/rename](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-rename.yara#explicit_rename) | renames files | [os.rename](https://github.com/search?q=os.rename&type=code) |
+| LOW | [fs/file/times_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-times-set.yara#utimensat) | [change file timestamps with nanosecond precision](https://linux.die.net/man/3/futimens) | [utimensat](https://github.com/search?q=utimensat&type=code) |
+| LOW | [fs/file/write](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-write.yara#file_write) | writes to file | [WriteFile](https://github.com/search?q=WriteFile&type=code)<br>[writeFile](https://github.com/search?q=writeFile&type=code)<br>[writeRawFile](https://github.com/search?q=writeRawFile&type=code)<br>[writeUniqueFileInfo](https://github.com/search?q=writeUniqueFileInfo&type=code) |
+| LOW | [fs/link_create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/link-create.yara#link) | May create hard file links | [_link](https://github.com/search?q=_link&type=code) |
+| LOW | [fs/link_read](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/link-read.yara#readlink) | [read value of a symbolic link](https://man7.org/linux/man-pages/man2/readlink.2.html) | [readlinkat](https://github.com/search?q=readlinkat&type=code) |
+| LOW | [fs/mount](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/mount.yara#mount) | mounts file systems | [-o](https://github.com/search?q=-o&type=code)<br>[mount](https://github.com/search?q=mount&type=code) |
+| LOW | [fs/node_create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/node-create.yara#mknod) | [create device files](https://man7.org/linux/man-pages/man2/mknod.2.html) | [mknod](https://github.com/search?q=mknod&type=code) |
+| LOW | [fs/path/etc](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/etc.yara#etc_path) | path reference within /etc | [/etc/apache/mime.typeshttp](https://github.com/search?q=%2Fetc%2Fapache%2Fmime.typeshttp&type=code)<br>[/etc/group](https://github.com/search?q=%2Fetc%2Fgroup&type=code)<br>[/etc/hostsgetsockoptnetlinkribsetsock](https://github.com/search?q=%2Fetc%2Fhostsgetsockoptnetlinkribsetsock&type=code)<br>[/etc/httpd/conf/mime.typesmime](https://github.com/search?q=%2Fetc%2Fhttpd%2Fconf%2Fmime.typesmime&type=code)<br>[/etc/machine-id](https://github.com/search?q=%2Fetc%2Fmachine-id&type=code)<br>[/etc/mime.types](https://github.com/search?q=%2Fetc%2Fmime.types&type=code)<br>[/etc/nsswitch.confinvalid](https://github.com/search?q=%2Fetc%2Fnsswitch.confinvalid&type=code)<br>[/etc/passwd](https://github.com/search?q=%2Fetc%2Fpasswd&type=code)<br>[/etc/pki/ca-trust/extracted/pem/tls-c](https://github.com/search?q=%2Fetc%2Fpki%2Fca-trust%2Fextracted%2Fpem%2Ftls-c&type=code)<br>[/etc/pki/tls/cacert.peminvalid](https://github.com/search?q=%2Fetc%2Fpki%2Ftls%2Fcacert.peminvalid&type=code)<br>[/etc/pki/tls/certs/ca-bundle.crtx](https://github.com/search?q=%2Fetc%2Fpki%2Ftls%2Fcerts%2Fca-bundle.crtx&type=code)<br>[/etc/protocolsunknown](https://github.com/search?q=%2Fetc%2Fprotocolsunknown&type=code)<br>[/etc/resolv.confnon-](https://github.com/search?q=%2Fetc%2Fresolv.confnon-&type=code)<br>[/etc/selinux/config/v](https://github.com/search?q=%2Fetc%2Fselinux%2Fconfig%2Fv&type=code)<br>[/etc/services](https://github.com/search?q=%2Fetc%2Fservices&type=code)<br>[/etc/ssl/ca-bundle.pemx](https://github.com/search?q=%2Fetc%2Fssl%2Fca-bundle.pemx&type=code)<br>[/etc/ssl/cert.peminvalid](https://github.com/search?q=%2Fetc%2Fssl%2Fcert.peminvalid&type=code)<br>[/etc/ssl/certs/ca-certificates.crtadd](https://github.com/search?q=%2Fetc%2Fssl%2Fcerts%2Fca-certificates.crtadd&type=code)<br>[/etc/zoneinfoparsing](https://github.com/search?q=%2Fetc%2Fzoneinfoparsing&type=code) |
+| LOW | [fs/path/etc_resolv.conf](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/etc-resolv.conf.yara#etc_resolv_conf) | accesses DNS resolver configuration | [/etc/resolv.conf](https://github.com/search?q=%2Fetc%2Fresolv.conf&type=code) |
+| LOW | [fs/path/home_config](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/home-config.yara#home_config_path) | path reference within ~/.config | [/minio/cmd.config/iam/policydb/groups/unable to list IAM data](https://github.com/search?q=%2Fminio%2Fcmd.config%2Fiam%2Fpolicydb%2Fgroups%2Funable+to+list+IAM+data&type=code)<br>[client_ip.config/gcloudINTEGRITY_ONLYnegative offset is not definedcopy_file_rang](https://github.com/search?q=client_ip.config%2FgcloudINTEGRITY_ONLYnegative+offset+is+not+definedcopy_file_rang&type=code) |
+| LOW | [fs/path/usr_bin](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/usr-bin.yara#usr_bin_path) | path reference within /usr/bin | [/usr/bin/env](https://github.com/search?q=%2Fusr%2Fbin%2Fenv&type=code)<br>[/usr/bin/lsb_releaseenterpriseenterprises](https://github.com/search?q=%2Fusr%2Fbin%2Flsb_releaseenterpriseenterprises&type=code)<br>[/usr/bin/lxc-versiongogoproto.protosizerg](https://github.com/search?q=%2Fusr%2Fbin%2Flxc-versiongogoproto.protosizerg&type=code)<br>[/usr/bin/raspi-config](https://github.com/search?q=%2Fusr%2Fbin%2Fraspi-config&type=code) |
+| LOW | [fs/path/var](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/var.yara#var_path) | path reference within /var | [/var/krb5/user/%s/client.keytabreflect.Value](https://github.com/search?q=%2Fvar%2Fkrb5%2Fuser%2F%25s%2Fclient.keytabreflect.Value&type=code)<br>[/var/lib/backups](https://github.com/search?q=%2Fvar%2Flib%2Fbackups&type=code)<br>[/var/run/console.sock](https://github.com/search?q=%2Fvar%2Frun%2Fconsole.sock&type=code)<br>[/var/run/log/definitionsinvalid](https://github.com/search?q=%2Fvar%2Frun%2Flog%2Fdefinitionsinvalid&type=code)<br>[/var/run/secrets/kubernetes.io/serviceaccountset](https://github.com/search?q=%2Fvar%2Frun%2Fsecrets%2Fkubernetes.io%2Fserviceaccountset&type=code)<br>[/var/run/syslogschema](https://github.com/search?q=%2Fvar%2Frun%2Fsyslogschema&type=code)<br>[/var/vcap/boshbefore](https://github.com/search?q=%2Fvar%2Fvcap%2Fboshbefore&type=code) |
+| LOW | [fs/quota_manipulate](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/quota-manipulate.yara#quotactl) | manipulate disk quota | [quotactl](https://github.com/search?q=quotactl&type=code) |
+| LOW | [fs/swap/on](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/swap/swap-on.yara#swapon) | start swapping to a file/device | [swapon](https://github.com/search?q=swapon&type=code) |
+| LOW | [fs/symlink_resolve](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/symlink-resolve.yara#realpath) | [resolves symbolic links](https://man7.org/linux/man-pages/man3/realpath.3.html) | [realpath](https://github.com/search?q=realpath&type=code) |
+| LOW | [fs/tempdir/TEMP](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempdir/TEMP.yara#temp) | temp | [TEMP](https://github.com/search?q=TEMP&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code)<br>[temp](https://github.com/search?q=temp&type=code) |
+| LOW | [fs/tempfile](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempfile.yara#mktemp) | creates temporary files | [ioutil/tempfile](https://github.com/search?q=ioutil%2Ftempfile&type=code)<br>[temp file](https://github.com/search?q=temp+file&type=code)<br>[tmpfile](https://github.com/search?q=tmpfile&type=code) |
+| LOW | [fs/unmount](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/unmount.yara#umount) | unmount file system | [umount](https://github.com/search?q=umount&type=code) |
+| LOW | [fs/watch](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/watch.yara#inotify) | monitors filesystem events | [inotify](https://github.com/search?q=inotify&type=code) |
+| LOW | [hw/wireless](https://github.com/chainguard-dev/malcontent/blob/main/rules/hw/wireless.yara#bssid) | wireless network base station ID | [BSSID](https://github.com/search?q=BSSID&type=code) |
+| LOW | [net/dns](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns.yara#go_dns_refs) | Uses DNS (Domain Name Service) | [CNAMEResource](https://github.com/search?q=CNAMEResource&type=code)<br>[SetEDNS0](https://github.com/search?q=SetEDNS0&type=code)<br>[dnsmessage](https://github.com/search?q=dnsmessage&type=code) |
+| LOW | [net/dns/servers](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns-servers.yara#go_dns_refs_local) | Examines local DNS servers | [CNAMEResource](https://github.com/search?q=CNAMEResource&type=code) |
+| LOW | [net/dns/txt](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns-txt.yara#dns_txt) | Uses DNS TXT (text) records | [TXT](https://github.com/search?q=TXT&type=code)<br>[dns](https://github.com/search?q=dns&type=code) |
+| LOW | [net/http/2](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/http2.yara#http2) | Uses the HTTP/2 protocol | [HTTP/2](https://github.com/search?q=HTTP%2F2&type=code) |
+| LOW | [net/http/accept_encoding](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/accept-encoding.yara#content_type) | [set HTTP response encoding format (example: gzip)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding) | [Accept-Encoding](https://github.com/search?q=Accept-Encoding&type=code) |
+| LOW | [net/http/auth](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/auth.yara#http_auth) | makes HTTP requests with Bearer authentication | [WWW-Authenticate](https://github.com/search?q=WWW-Authenticate&type=code)<br>[Www-Authenticate](https://github.com/search?q=Www-Authenticate&type=code)<br>[www-authenticate](https://github.com/search?q=www-authenticate&type=code) |
+| LOW | [net/http/oauth2](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/oauth2.yara#oauth2) | supports OAuth2 | [oauth2](https://github.com/search?q=oauth2&type=code) |
+| LOW | [net/http/proxy](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/proxy.yara#proxy_auth) | [use HTTP proxy that requires authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization) | [Proxy-Authorization](https://github.com/search?q=Proxy-Authorization&type=code) |
+| LOW | [net/http/request](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/http-request.yara#http_request) | makes HTTP requests | [HTTP/1.](https://github.com/search?q=HTTP%2F1.&type=code)<br>[Referer](https://github.com/search?q=Referer&type=code)<br>[User-Agent](https://github.com/search?q=User-Agent&type=code) |
+| LOW | [net/ip](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/ip.yara#packets) | access the internet | [invalid packet](https://github.com/search?q=invalid+packet&type=code) |
+| LOW | [net/ip/multicast_send](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/ip-multicast-send.yara#multicast) | [send data to multiple nodes simultaneously](https://en.wikipedia.org/wiki/IP_multicast) | [multicast](https://github.com/search?q=multicast&type=code) |
+| LOW | [net/ip/send_unicast](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/ip-send-unicast.yara#unicast) | send data to the internet | [unicast](https://github.com/search?q=unicast&type=code) |
+| LOW | [net/resolve/hostname](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/resolve/hostname-resolve.yara#cannot_resolve) | resolve network host name to IP address | [cannot resolve](https://github.com/search?q=cannot+resolve&type=code) |
+| LOW | [net/socket/local_addr](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-local_addr.yara#getsockname) | [get local address of connected socket](https://man7.org/linux/man-pages/man2/getsockname.2.html) | [getsockname](https://github.com/search?q=getsockname&type=code) |
+| LOW | [net/socket/peer_address](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-peer-address.yara#getpeername) | [get peer address of connected socket](https://man7.org/linux/man-pages/man2/getpeername.2.html) | [getpeername](https://github.com/search?q=getpeername&type=code) |
+| LOW | [net/socket/receive](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-receive.yara#recvmsg) | [receive a message from a socket](https://linux.die.net/man/2/recvmsg) | [recvfrom](https://github.com/search?q=recvfrom&type=code)<br>[recvmsg](https://github.com/search?q=recvmsg&type=code) |
+| LOW | [net/socket/send](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-send.yara#sendmsg) | [send a message to a socket](https://linux.die.net/man/2/sendmsg) | [sendmsg](https://github.com/search?q=sendmsg&type=code)<br>[sendto](https://github.com/search?q=sendto&type=code) |
+| LOW | [net/tcp/grpc](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/grpc.yara#grpc) | Uses the gRPC Remote Procedure Call framework | [gRPC](https://github.com/search?q=gRPC&type=code) |
+| LOW | [net/udp/receive](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/udp/udp-receive.yara#udp_listen) | Listens for UDP responses | [ReadFromUDP](https://github.com/search?q=ReadFromUDP&type=code)<br>[listenUDP](https://github.com/search?q=listenUDP&type=code) |
+| LOW | [net/udp/send](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/udp/udp-send.yara#udp_send) | Sends UDP packets | [DialUDP](https://github.com/search?q=DialUDP&type=code)<br>[WriteMsgUDP](https://github.com/search?q=WriteMsgUDP&type=code) |
+| LOW | [net/url/embedded](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/embedded.yara#https_url) | contains embedded HTTPS URLs | [https://IsLatestPrefixesUploadIDMaxPartsUserTagsIf-Matchprofileris-groupl](https://IsLatestPrefixesUploadIDMaxPartsUserTagsIf-Matchprofileris-groupl)<br>[https://accounts.google.com/.well-known/openid-configuration](https://accounts.google.com/.well-known/openid-configuration)<br>[https://accounts.google.com/o/oauth2/authhttps](https://accounts.google.com/o/oauth2/authhttps)<br>[https://api.loganalytics.iohttps](https://api.loganalytics.iohttps)<br>[https://api.loganalytics.usservicebus.chinacloudapi.cndocuments.microsoft](https://api.loganalytics.usservicebus.chinacloudapi.cndocuments.microsoft)<br>[https://batch.chinacloudapi.cn/mysql.database.chinacloudapi.cnhttps](https://batch.chinacloudapi.cn/mysql.database.chinacloudapi.cnhttps)<br>[https://batch.cloudapi.de/mysql.database.cloudapi.decloudapp.microsoftazu](https://batch.cloudapi.de/mysql.database.cloudapi.decloudapp.microsoftazu)<br>[https://batch.core.usgovcloudapi.net/https](https://batch.core.usgovcloudapi.net/https)<br>[https://batch.core.windows.net/https](https://batch.core.windows.net/https)<br>[https://bit.ly/3cXEKWf](https://bit.ly/3cXEKWf)<br>[https://bit.ly/CRA-PWA.](https://bit.ly/CRA-PWA.)<br>[https://blog.min.io/?ref=con](https://blog.min.io/?ref=con)<br>[https://blog.min.io/active-active-email/](https://blog.min.io/active-active-email/)<br>[https://blog.min.io/c-e-compression-encryption/](https://blog.min.io/c-e-compression-encryption/)<br>[https://blog.min.io/cohasset-associates-assessment-for-object-locking-on-](https://blog.min.io/cohasset-associates-assessment-for-object-locking-on-)<br>[https://blog.min.io/complex-workflows-apache-kafka-minio/](https://blog.min.io/complex-workflows-apache-kafka-minio/)<br>[https://blog.min.io/content/images/size/w1000/2020/12/pay_banner-01-01-01](https://blog.min.io/content/images/size/w1000/2020/12/pay_banner-01-01-01)<br>[https://blog.min.io/content/images/size/w1000/2021/04/Screenshot-at-Apr-0](https://blog.min.io/content/images/size/w1000/2021/04/Screenshot-at-Apr-0)<br>[https://blog.min.io/content/images/size/w1000/2021/09/denys-nevozhai-7nrs](https://blog.min.io/content/images/size/w1000/2021/09/denys-nevozhai-7nrs)<br>[https://blog.min.io/content/images/size/w1000/2022/08/Supportability-blog](https://blog.min.io/content/images/size/w1000/2022/08/Supportability-blog)<br>[https://blog.min.io/content/images/size/w1000/2022/09/Screen-Shot-2022-09](https://blog.min.io/content/images/size/w1000/2022/09/Screen-Shot-2022-09)<br>[https://blog.min.io/content/images/size/w1000/2022/12/Screen-Shot-2022-12](https://blog.min.io/content/images/size/w1000/2022/12/Screen-Shot-2022-12)<br>[https://blog.min.io/content/images/size/w1000/2022/12/replication-bestpra](https://blog.min.io/content/images/size/w1000/2022/12/replication-bestpra)<br>[https://blog.min.io/content/images/size/w1000/2023/02/Understanding-the-M](https://blog.min.io/content/images/size/w1000/2023/02/Understanding-the-M)<br>[https://blog.min.io/content/images/size/w1000/2023/03/SUBNET-Healthcheck-](https://blog.min.io/content/images/size/w1000/2023/03/SUBNET-Healthcheck-)<br>[https://blog.min.io/content/images/size/w1000/2023/03/SUBNET-call-home.jp](https://blog.min.io/content/images/size/w1000/2023/03/SUBNET-call-home.jp)<br>[https://blog.min.io/content/images/size/w1000/2023/03/faststreaming-03.jp](https://blog.min.io/content/images/size/w1000/2023/03/faststreaming-03.jp)<br>[https://blog.min.io/content/images/size/w1000/2023/04/PXL_20230417_154022](https://blog.min.io/content/images/size/w1000/2023/04/PXL_20230417_154022)<br>[https://blog.min.io/content/images/size/w1000/2023/04/Screen-Shot-2023-04](https://blog.min.io/content/images/size/w1000/2023/04/Screen-Shot-2023-04)<br>[https://blog.min.io/content/images/size/w2000/2019/05/Screenshot-at-May-1](https://blog.min.io/content/images/size/w2000/2019/05/Screenshot-at-May-1)<br>[https://blog.min.io/content/images/size/w2000/2020/07/1920px-Immeuble_du_](https://blog.min.io/content/images/size/w2000/2020/07/1920px-Immeuble_du_)<br>[https://blog.min.io/content/images/size/w2000/2020/08/Cohasset.png](https://blog.min.io/content/images/size/w2000/2020/08/Cohasset.png)<br>[https://blog.min.io/content/images/size/w2000/2021/07/pexels-shockphoto-b](https://blog.min.io/content/images/size/w2000/2021/07/pexels-shockphoto-b)<br>[https://blog.min.io/content/images/size/w2000/2021/09/1_kqpVTzo8b0e2oKdOj](https://blog.min.io/content/images/size/w2000/2021/09/1_kqpVTzo8b0e2oKdOj)<br>[https://blog.min.io/content/images/size/w2000/2021/09/denys-nevozhai-7nrs](https://blog.min.io/content/images/size/w2000/2021/09/denys-nevozhai-7nrs)<br>[https://blog.min.io/content/images/size/w2000/2021/11/josh-rose-trYl7JYAT](https://blog.min.io/content/images/size/w2000/2021/11/josh-rose-trYl7JYAT)<br>[https://blog.min.io/content/images/size/w2000/2022/06/pexels-pixabay-2101](https://blog.min.io/content/images/size/w2000/2022/06/pexels-pixabay-2101)<br>[https://blog.min.io/content/images/size/w2000/2022/08/minioKafka-bloghead](https://blog.min.io/content/images/size/w2000/2022/08/minioKafka-bloghead)<br>[https://blog.min.io/content/images/size/w2000/2023/09/active-active-email](https://blog.min.io/content/images/size/w2000/2023/09/active-active-email)<br>[https://blog.min.io/content/images/size/w2000/2023/10/Screen-Shot-2023-10](https://blog.min.io/content/images/size/w2000/2023/10/Screen-Shot-2023-10)<br>[https://blog.min.io/content/images/size/w2000/2023/10/openid-minio.jpg](https://blog.min.io/content/images/size/w2000/2023/10/openid-minio.jpg)<br>[https://blog.min.io/content/images/size/w2000/2023/11/Regulatory-Complian](https://blog.min.io/content/images/size/w2000/2023/11/Regulatory-Complian)<br>[https://blog.min.io/content/images/size/w2000/2023/11/eventnotifications-](https://blog.min.io/content/images/size/w2000/2023/11/eventnotifications-)<br>[https://blog.min.io/content/images/size/w2000/2024/01/IMG_7378.jpeg](https://blog.min.io/content/images/size/w2000/2024/01/IMG_7378.jpeg)<br>[https://blog.min.io/content/images/size/w2000/2024/01/blog-header-How-to-](https://blog.min.io/content/images/size/w2000/2024/01/blog-header-How-to-)<br>[https://blog.min.io/content/images/size/w2000/2024/01/blog-header-how-do-](https://blog.min.io/content/images/size/w2000/2024/01/blog-header-how-do-)<br>[https://blog.min.io/content/images/size/w2000/2024/01/david-blog.jpeg](https://blog.min.io/content/images/size/w2000/2024/01/david-blog.jpeg)<br>[https://blog.min.io/continuous-data-protection-versioning-rewind/](https://blog.min.io/continuous-data-protection-versioning-rewind/)<br>[https://blog.min.io/data-authenticity-integrity/](https://blog.min.io/data-authenticity-integrity/)<br>[https://blog.min.io/erasure-coding-vs-raid/](https://blog.min.io/erasure-coding-vs-raid/)<br>[https://blog.min.io/erasure-coding/](https://blog.min.io/erasure-coding/)<br>[https://blog.min.io/event-notifications-vs-object-lambda/](https://blog.min.io/event-notifications-vs-object-lambda/)<br>[https://blog.min.io/how-do-i-know-replication-is-up-to-date/](https://blog.min.io/how-do-i-know-replication-is-up-to-date/)<br>[https://blog.min.io/hybrid-cloud-red-hat-openshift/](https://blog.min.io/hybrid-cloud-red-hat-openshift/)<br>[https://blog.min.io/introducing-speedtest-for-minio/](https://blog.min.io/introducing-speedtest-for-minio/)<br>[https://blog.min.io/introducing-subnet-health/](https://blog.min.io/introducing-subnet-health/)<br>[https://blog.min.io/introducing-webhooks-for-minio/](https://blog.min.io/introducing-webhooks-for-minio/)<br>[https://blog.min.io/kafka_and_minio/](https://blog.min.io/kafka_and_minio/)<br>[https://blog.min.io/managing-objects-tagging-policies/](https://blog.min.io/managing-objects-tagging-policies/)<br>[https://blog.min.io/minio-gcp-marketplace/](https://blog.min.io/minio-gcp-marketplace/)<br>[https://blog.min.io/minio-multi-cloud-azure-marketplace/](https://blog.min.io/minio-multi-cloud-azure-marketplace/)<br>[https://blog.min.io/minio-multi-cloud-object-storage-available-on-aws-mar](https://blog.min.io/minio-multi-cloud-object-storage-available-on-aws-mar)<br>[https://blog.min.io/minio-multi-site-active-active-replication/](https://blog.min.io/minio-multi-site-active-active-replication/)<br>[https://blog.min.io/minio-openid-connect-integration](https://blog.min.io/minio-openid-connect-integration)<br>[https://blog.min.io/minio-postgres-event-notifications/](https://blog.min.io/minio-postgres-event-notifications/)<br>[https://blog.min.io/minio-replication-best-practices/](https://blog.min.io/minio-replication-best-practices/)<br>[https://blog.min.io/minio-versioning-metadata-deep-dive/](https://blog.min.io/minio-versioning-metadata-deep-dive/)<br>[https://blog.min.io/minio-webhook-event-notifications/](https://blog.min.io/minio-webhook-event-notifications/)<br>[https://blog.min.io/multi-site-replication-resync/](https://blog.min.io/multi-site-replication-resync/)<br>[https://blog.min.io/object-locking-versioning-and-holds-in-minio/](https://blog.min.io/object-locking-versioning-and-holds-in-minio/)<br>[https://blog.min.io/object-storage-low-level-performance-testing/](https://blog.min.io/object-storage-low-level-performance-testing/)<br>[https://blog.min.io/regulatory-compliance-with-minio-object-lambdas/](https://blog.min.io/regulatory-compliance-with-minio-object-lambdas/)<br>[https://blog.min.io/renewing-kes-certificate/](https://blog.min.io/renewing-kes-certificate/)<br>[https://blog.min.io/s3-security-access-control/](https://blog.min.io/s3-security-access-control/)<br>[https://blog.min.io/secure-hybrid-cloud-minio-iam/](https://blog.min.io/secure-hybrid-cloud-minio-iam/)<br>[https://blog.min.io/stream-data-to-minio-using-kafka-kubernetes/](https://blog.min.io/stream-data-to-minio-using-kafka-kubernetes/)<br>[https://blog.min.io/subnet-call-home-diagnostics/](https://blog.min.io/subnet-call-home-diagnostics/)<br>[https://blog.min.io/subnet-healthcheck-and-performance/](https://blog.min.io/subnet-healthcheck-and-performance/)<br>[https://blog.min.io/subnet-series-communication/](https://blog.min.io/subnet-series-communication/)<br>[https://blog.min.io/supportability-minio-subnet/](https://blog.min.io/supportability-minio-subnet/)<br>[https://blog.min.io/the-beauty-of-the-panic-button/](https://blog.min.io/the-beauty-of-the-panic-button/)<br>[https://blog.min.io/transparent-data-compression/](https://blog.min.io/transparent-data-compression/)<br>[https://blog.min.io/troubleshooting-disk-failures/](https://blog.min.io/troubleshooting-disk-failures/)<br>[https://blog.min.io/why_our_customers_subscribe/](https://blog.min.io/why_our_customers_subscribe/)<br>[https://bugs.chromium.org/p/chromium/issues/detail?id=1025564](https://bugs.chromium.org/p/chromium/issues/detail?id=1025564)<br>[https://bugs.chromium.org/p/v8/issues/detail?id=90](https://bugs.chromium.org/p/v8/issues/detail?id=90)<br>[https://bugs.webkit.org/show_bug.cgi?id=156034](https://bugs.webkit.org/show_bug.cgi?id=156034)<br>[https://bugzil.la/875615](https://bugzil.la/875615)<br>[https://bugzilla.mozilla.org/1547776.](https://bugzilla.mozilla.org/1547776.)<br>[https://bugzilla.mozilla.org/1841972](https://bugzilla.mozilla.org/1841972)<br>[https://bugzilla.mozilla.org/show_bug.cgi?id=1023984](https://bugzilla.mozilla.org/show_bug.cgi?id=1023984)<br>[https://bugzilla.mozilla.org/show_bug.cgi?id=1414602](https://bugzilla.mozilla.org/show_bug.cgi?id=1414602)<br>[https://bugzilla.mozilla.org/show_bug.cgi?id=1719465.](https://bugzilla.mozilla.org/show_bug.cgi?id=1719465.)<br>[https://bugzilla.mozilla.org/show_bug.cgi?id=664884](https://bugzilla.mozilla.org/show_bug.cgi?id=664884)<br>[https://bugzilla.mozilla.org/show_bug.cgi?id=726227](https://bugzilla.mozilla.org/show_bug.cgi?id=726227)<br>[https://bugzilla.mozilla.org/show_bug.cgi?id=878297](https://bugzilla.mozilla.org/show_bug.cgi?id=878297)<br>[https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.jswebsocket](https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.jswebsocket)<br>[https://cldr.unicode.org/translation/date-time/date-time-symbols](https://cldr.unicode.org/translation/date-time/date-time-symbols)<br>[https://cloud.githubusercontent.com/assets/7957859/21814330/a17d556a-d761](https://cloud.githubusercontent.com/assets/7957859/21814330/a17d556a-d761)<br>[https://cloud.google.com/docs/authentication/external/set-up-adcneither](https://cloud.google.com/docs/authentication/external/set-up-adcneither)<br>[https://code.google.com/p/chromium/issues/detail?id=286360](https://code.google.com/p/chromium/issues/detail?id=286360)<br>[https://code.google.com/p/smhasher/wiki/MurmurHash3.](https://code.google.com/p/smhasher/wiki/MurmurHash3.)<br>[https://connect.microsoft.com/IE/feedback/details/837245/xmlhttprequest-u](https://connect.microsoft.com/IE/feedback/details/837245/xmlhttprequest-u)<br>[https://console-endpoint-url/oauth_callback](https://console-endpoint-url/oauth_callback)<br>[https://cosmos.azure.comgcloud-golang-storage/](https://cosmos.azure.comgcloud-golang-storage/)<br>[https://crbug.com/1264708](https://crbug.com/1264708)<br>[https://css-tricks.com/debouncing-throttling-explained-examples/](https://css-tricks.com/debouncing-throttling-explained-examples/)<br>[https://d3js.org/d3-shape/stack](https://d3js.org/d3-shape/stack)<br>[https://database.chinacloudapi.cn/empty](https://database.chinacloudapi.cn/empty)<br>[https://database.cloudapi.de/projects/-/serviceAccounts/](https://database.cloudapi.de/projects/-/serviceAccounts/)<br>[https://database.usgovcloudapi.net/cloud.google.com/go/storage.ACL.Setclo](https://database.usgovcloudapi.net/cloud.google.com/go/storage.ACL.Setclo)<br>[https://database.windows.net/postgres.database.cloudapi.dehttps](https://database.windows.net/postgres.database.cloudapi.dehttps)<br>[https://datalake.azure.net/https](https://datalake.azure.net/https)<br>[https://datatracker.ietf.org/doc/html/rfc7231](https://datatracker.ietf.org/doc/html/rfc7231)<br>[https://datatracker.ietf.org/doc/html/rfc7540](https://datatracker.ietf.org/doc/html/rfc7540)<br>[https://dev.azuresynapse.nethttps](https://dev.azuresynapse.nethttps)<br>[https://dev.azuresynapse.usgovcloudapi.netunable](https://dev.azuresynapse.usgovcloudapi.netunable)<br>[https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Object](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Object)<br>[https://developer.mozilla.org/en-US/docs/Glossary/Base64](https://developer.mozilla.org/en-US/docs/Glossary/Base64)<br>[https://developer.mozilla.org/en-US/docs/Web/API/DOMException.](https://developer.mozilla.org/en-US/docs/Web/API/DOMException.)<br>[https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/items](https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/items)<br>[https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/types](https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/types)<br>[https://developer.mozilla.org/en-US/docs/Web/API/DataTransferItemList](https://developer.mozilla.org/en-US/docs/Web/API/DataTransferItemList)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileList](https://developer.mozilla.org/en-US/docs/Web/API/FileList)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileSystemDirectoryEntry](https://developer.mozilla.org/en-US/docs/Web/API/FileSystemDirectoryEntry)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileSystemDirectoryReade](https://developer.mozilla.org/en-US/docs/Web/API/FileSystemDirectoryReade)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileSystemEntry](https://developer.mozilla.org/en-US/docs/Web/API/FileSystemEntry)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileSystemFileEntry](https://developer.mozilla.org/en-US/docs/Web/API/FileSystemFileEntry)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileSystemFileHandle](https://developer.mozilla.org/en-US/docs/Web/API/FileSystemFileHandle)<br>[https://developer.mozilla.org/en-US/docs/Web/API/FileSystemHandle](https://developer.mozilla.org/en-US/docs/Web/API/FileSystemHandle)<br>[https://developer.mozilla.org/en-US/docs/Web/API/File_System_Access_API](https://developer.mozilla.org/en-US/docs/Web/API/File_System_Access_API)<br>[https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitd](https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/webkitd)<br>[https://developer.mozilla.org/en-US/docs/Web/API/HTML_Drag_and_Drop_API/R](https://developer.mozilla.org/en-US/docs/Web/API/HTML_Drag_and_Drop_API/R)<br>[https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code](https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code)<br>[https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/getModifie](https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/getModifie)<br>[https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key](https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key)<br>[https://developer.mozilla.org/en-US/docs/Web/API/window/showOpenFilePicke](https://developer.mozilla.org/en-US/docs/Web/API/window/showOpenFilePicke)<br>[https://developer.mozilla.org/en-US/docs/Web/Accessibility/Understanding_](https://developer.mozilla.org/en-US/docs/Web/Accessibility/Understanding_)<br>[https://developer.mozilla.org/en-US/docs/Web/CSS/color_value/color-mix](https://developer.mozilla.org/en-US/docs/Web/CSS/color_value/color-mix)<br>[https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file)<br>[https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_typ](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_typ)<br>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_)<br>[https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Image_types](https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Image_types)<br>[https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/type](https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/type)<br>[https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts)<br>[https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Obj](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Obj)<br>[https://dl.min.io/client/mc/release/linux-amd64/archive/mc.build/static/m](https://dl.min.io/client/mc/release/linux-amd64/archive/mc.build/static/m)<br>[https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sumUnable](https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sumUnable)<br>[https://dl.min.io/server/minio/release/X-Minio-Replication-Encrypted-Mult](https://dl.min.io/server/minio/release/X-Minio-Replication-Encrypted-Mult)<br>[https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mg](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mg)<br>[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html)<br>[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_eleme](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_eleme)<br>[https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-](https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-a-)<br>[https://docs.min.io/?ref=con](https://docs.min.io/?ref=con)<br>[https://dr.minio-storage](https://dr.minio-storage)<br>[https://en.wikipedia.org/wiki/Content_Security_Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)<br>[https://en.wikipedia.org/wiki/Cubic_Hermite_spline](https://en.wikipedia.org/wiki/Cubic_Hermite_spline)<br>[https://en.wikipedia.org/wiki/Empty_set](https://en.wikipedia.org/wiki/Empty_set)<br>[https://en.wikipedia.org/wiki/Free_and_open-source_software](https://en.wikipedia.org/wiki/Free_and_open-source_software)<br>[https://en.wikipedia.org/wiki/ISO_8601](https://en.wikipedia.org/wiki/ISO_8601)<br>[https://en.wikipedia.org/wiki/ISO_week_date](https://en.wikipedia.org/wiki/ISO_week_date)<br>[https://en.wikipedia.org/wiki/Vacuous_truth](https://en.wikipedia.org/wiki/Vacuous_truth)<br>[https://enterprise-updates.ic.min.devconcurrency](https://enterprise-updates.ic.min.devconcurrency)<br>[https://esbench.com/bench/5bfee68a4cd7e6009ef61d23](https://esbench.com/bench/5bfee68a4cd7e6009ef61d23)<br>[https://example.com](https://example.com)<br>[https://fb.me/react-async-component-lifecycle-hooks](https://fb.me/react-async-component-lifecycle-hooks)<br>[https://feross.org](https://feross.org)<br>[https://fetch.spec.whatwg.org/](https://fetch.spec.whatwg.org/)<br>[https://fontforge.org/docs/techref/bezier.html](https://fontforge.org/docs/techref/bezier.html)<br>[https://fonts.googleapis.com/css?family=Montserrat](https://fonts.googleapis.com/css?family=Montserrat)<br>[https://fusejs.io/concepts/scoring-theory.html](https://fusejs.io/concepts/scoring-theory.html)<br>[https://gallery.azure.com/https](https://gallery.azure.com/https)<br>[https://gallery.chinacloudapi.cn/mariadb.database.chinacloudapi.cnhttps](https://gallery.chinacloudapi.cn/mariadb.database.chinacloudapi.cnhttps)<br>[https://gallery.cloudapi.de/mariadb.database.cloudapi.dex-goog-encryption](https://gallery.cloudapi.de/mariadb.database.cloudapi.dex-goog-encryption)<br>[https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.netdev.a](https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.netdev.a)<br>[https://gist.github.com/joelambert/1002116](https://gist.github.com/joelambert/1002116)<br>[https://git.io/JUIaE](https://git.io/JUIaE)<br>[https://github.com/BiggA94](https://github.com/BiggA94)<br>[https://github.com/DefinitelyTyped/DefinitelyTyped/blob/90a4ec8/types/nod](https://github.com/DefinitelyTyped/DefinitelyTyped/blob/90a4ec8/types/nod)<br>[https://github.com/DefinitelyTyped/DefinitelyTyped/discussions/66042](https://github.com/DefinitelyTyped/DefinitelyTyped/discussions/66042)<br>[https://github.com/DefinitelyTyped/DefinitelyTyped/pull/55396](https://github.com/DefinitelyTyped/DefinitelyTyped/pull/55396)<br>[https://github.com/Flamenco](https://github.com/Flamenco)<br>[https://github.com/Gavvers](https://github.com/Gavvers)<br>[https://github.com/HTTPArchive/wappalyzer/blob/main/src/technologies/r.js](https://github.com/HTTPArchive/wappalyzer/blob/main/src/technologies/r.js)<br>[https://github.com/Microsoft/TypeScript/issues/3496](https://github.com/Microsoft/TypeScript/issues/3496)<br>[https://github.com/MikeMcl/decimal.js-light/LICENCE](https://github.com/MikeMcl/decimal.js-light/LICENCE)<br>[https://github.com/MrRio/jsPDF](https://github.com/MrRio/jsPDF)<br>[https://github.com/ReactiveX/rxjs/blob/6fafcf53dc9e557439b25debaeadfd224b](https://github.com/ReactiveX/rxjs/blob/6fafcf53dc9e557439b25debaeadfd224b)<br>[https://github.com/Rob--W/open-in-browser/blob/7e2e35a38b8b4e981b11da7b2f](https://github.com/Rob--W/open-in-browser/blob/7e2e35a38b8b4e981b11da7b2f)<br>[https://github.com/Rob--W/open-in-browser/issues/26](https://github.com/Rob--W/open-in-browser/issues/26)<br>[https://github.com/WebReflection/get-own-property-symbols/issues/4](https://github.com/WebReflection/get-own-property-symbols/issues/4)<br>[https://github.com/acacode/swagger-typescript-api](https://github.com/acacode/swagger-typescript-api)<br>[https://github.com/acspike](https://github.com/acspike)<br>[https://github.com/adobe-webplatform/Snap.svg/blob/b365287722a72526000ac4](https://github.com/adobe-webplatform/Snap.svg/blob/b365287722a72526000ac4)<br>[https://github.com/ai/nanoid/blob/3.0.2/non-secure/index.js](https://github.com/ai/nanoid/blob/3.0.2/non-secure/index.js)<br>[https://github.com/amilajack/eslint-plugin-flowtype-errors/issues/133](https://github.com/amilajack/eslint-plugin-flowtype-errors/issues/133)<br>[https://github.com/bgrins/TinyColor/issues/254](https://github.com/bgrins/TinyColor/issues/254)<br>[https://github.com/browserify/path-browserify](https://github.com/browserify/path-browserify)<br>[https://github.com/burnburnrocket](https://github.com/burnburnrocket)<br>[https://github.com/bvaughn/react-virtualized/pull/124](https://github.com/bvaughn/react-virtualized/pull/124)<br>[https://github.com/bvaughn/react-virtualized/pull/942](https://github.com/bvaughn/react-virtualized/pull/942)<br>[https://github.com/cburgmer/rasterizeHTML.js](https://github.com/cburgmer/rasterizeHTML.js)<br>[https://github.com/chris-rock](https://github.com/chris-rock)<br>[https://github.com/cloudhead/less.js/blob/master/lib/less/functions.js](https://github.com/cloudhead/less.js/blob/master/lib/less/functions.js)<br>[https://github.com/danielhusar](https://github.com/danielhusar)<br>[https://github.com/defunctzombie/node-process/blob/master/browser.js](https://github.com/defunctzombie/node-process/blob/master/browser.js)<br>[https://github.com/diegocr](https://github.com/diegocr)<br>[https://github.com/dollaruw](https://github.com/dollaruw)<br>[https://github.com/eaparango](https://github.com/eaparango)<br>[https://github.com/facebook/create-react-app/issues/2374](https://github.com/facebook/create-react-app/issues/2374)<br>[https://github.com/facebook/fbjs/blob/c69904a511b900266935168223063dd8772](https://github.com/facebook/fbjs/blob/c69904a511b900266935168223063dd8772)<br>[https://github.com/facebook/fbjs/blob/master/packages/fbjs/src/core/hyphe](https://github.com/facebook/fbjs/blob/master/packages/fbjs/src/core/hyphe)<br>[https://github.com/facebook/hermes/issues/274](https://github.com/facebook/hermes/issues/274)<br>[https://github.com/facebook/react/blob/a8a4742f1c54493df00da648a3f9d26e3d](https://github.com/facebook/react/blob/a8a4742f1c54493df00da648a3f9d26e3d)<br>[https://github.com/facebook/react/blob/b87aabdfe1b7461e7331abb3601d9e6bb2](https://github.com/facebook/react/blob/b87aabdfe1b7461e7331abb3601d9e6bb2)<br>[https://github.com/facebook/react/blob/master/packages/shared/formatProdE](https://github.com/facebook/react/blob/master/packages/shared/formatProdE)<br>[https://github.com/facebook/react/commit/977357765b44af8ff0cfea3278668610](https://github.com/facebook/react/commit/977357765b44af8ff0cfea3278668610)<br>[https://github.com/facebook/react/pull/26395](https://github.com/facebook/react/pull/26395)<br>[https://github.com/facebook/react/pull/7081](https://github.com/facebook/react/pull/7081)<br>[https://github.com/facebook/react/pull/7515](https://github.com/facebook/react/pull/7515)<br>[https://github.com/feross/queue-microtask](https://github.com/feross/queue-microtask)<br>[https://github.com/fjenett](https://github.com/fjenett)<br>[https://github.com/flamenco](https://github.com/flamenco)<br>[https://github.com/gingerchris](https://github.com/gingerchris)<br>[https://github.com/go-sql-driver/mysql/wiki/old_passwordsSingle-Node](https://github.com/go-sql-driver/mysql/wiki/old_passwordsSingle-Node)<br>[https://github.com/go-sql-driver/mysql/wiki/strict-modeWithClientCertSour](https://github.com/go-sql-driver/mysql/wiki/strict-modeWithClientCertSour)<br>[https://github.com/golang/protobuf/issues/1609](https://github.com/golang/protobuf/issues/1609)<br>[https://github.com/ineedfat](https://github.com/ineedfat)<br>[https://github.com/infusion/jQuery-xcolor/blob/master/jquery.xcolor.js](https://github.com/infusion/jQuery-xcolor/blob/master/jquery.xcolor.js)<br>[https://github.com/jamesbrobb](https://github.com/jamesbrobb)<br>[https://github.com/jamiebuilds/tinykeys/issues/37](https://github.com/jamiebuilds/tinykeys/issues/37)<br>[https://github.com/jashkenas/underscore/pull/1247](https://github.com/jashkenas/underscore/pull/1247)<br>[https://github.com/jmorel](https://github.com/jmorel)<br>[https://github.com/jonschlinkert/kind-of](https://github.com/jonschlinkert/kind-of)<br>[https://github.com/jonschlinkert/mixin-deep](https://github.com/jonschlinkert/mixin-deep)<br>[https://github.com/juanpgaviria](https://github.com/juanpgaviria)<br>[https://github.com/kolodny/jsan](https://github.com/kolodny/jsan)<br>[https://github.com/ladjs/superagent/issues/1680](https://github.com/ladjs/superagent/issues/1680)<br>[https://github.com/libuv/libuv/commit/02e1ebd40b807be5af46343ea873331b2ee](https://github.com/libuv/libuv/commit/02e1ebd40b807be5af46343ea873331b2ee)<br>[https://github.com/lifof](https://github.com/lifof)<br>[https://github.com/ljharb/object.assign/issues/17](https://github.com/ljharb/object.assign/issues/17)<br>[https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js](https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js)<br>[https://github.com/lodash/lodash/blob/master/.internal/baseToString.js](https://github.com/lodash/lodash/blob/master/.internal/baseToString.js)<br>[https://github.com/lodash/lodash/blob/master/.internal/getTag.js](https://github.com/lodash/lodash/blob/master/.internal/getTag.js)<br>[https://github.com/lodash/lodash/blob/master/isBoolean.js](https://github.com/lodash/lodash/blob/master/isBoolean.js)<br>[https://github.com/lsdriscoll](https://github.com/lsdriscoll)<br>[https://github.com/micromark/micromark-extension-footnote](https://github.com/micromark/micromark-extension-footnote)<br>[https://github.com/mikolalysenko/binary-search-bounds/issues/5](https://github.com/mikolalysenko/binary-search-bounds/issues/5)<br>[https://github.com/mikolalysenko/interval-tree-1d](https://github.com/mikolalysenko/interval-tree-1d)<br>[https://github.com/minio/mc/issuespreferred_preauth_types](https://github.com/minio/mc/issuespreferred_preauth_types)<br>[https://github.com/minio/minio-go/issues.The](https://github.com/minio/minio-go/issues.The)<br>[https://github.com/minio/minio-go/issues.sum](https://github.com/minio/minio-go/issues.sum)<br>[https://github.com/minio/minio/issues.Set](https://github.com/minio/minio/issues.Set)<br>[https://github.com/minio/minio/issuesA](https://github.com/minio/minio/issuesA)<br>[https://github.com/minio/minio/tree/master/docs/debugging?ref=con](https://github.com/minio/minio/tree/master/docs/debugging?ref=con)<br>[https://github.com/minio/minio/tree/master/docs/erasure/storage-class](https://github.com/minio/minio/tree/master/docs/erasure/storage-class)<br>[https://github.com/minio/minio/tree/master/docs/site-replication?ref=con](https://github.com/minio/minio/tree/master/docs/site-replication?ref=con)<br>[https://github.com/moment/moment/blob/000ac1800e620f770f4eb31b5ae908f6167](https://github.com/moment/moment/blob/000ac1800e620f770f4eb31b5ae908f6167)<br>[https://github.com/mourner/quickselect](https://github.com/mourner/quickselect)<br>[https://github.com/mozilla/pdf.js/blob/d9fac3459609a807be6506fb3441b5da4b](https://github.com/mozilla/pdf.js/blob/d9fac3459609a807be6506fb3441b5da4b)<br>[https://github.com/mozilla/source-map/blob/58819f0/source-map.d.ts](https://github.com/mozilla/source-map/blob/58819f0/source-map.d.ts)<br>[https://github.com/mweststrate/immer](https://github.com/mweststrate/immer)<br>[https://github.com/niklasvh/html2canvas](https://github.com/niklasvh/html2canvas)<br>[https://github.com/nodejs/node/blob/fcf8ba4/lib/internal/url.js](https://github.com/nodejs/node/blob/fcf8ba4/lib/internal/url.js)<br>[https://github.com/nodejs/node/blob/master/lib/path.js](https://github.com/nodejs/node/blob/master/lib/path.js)<br>[https://github.com/nodejs/node/issues/17469](https://github.com/nodejs/node/issues/17469)<br>[https://github.com/pablohess](https://github.com/pablohess)<br>[https://github.com/radix-ui/primitives/pull/1378](https://github.com/radix-ui/primitives/pull/1378)<br>[https://github.com/react-dropzone/react-dropzone/issues/276](https://github.com/react-dropzone/react-dropzone/issues/276)<br>[https://github.com/react-dropzone/react-dropzone/issues/450](https://github.com/react-dropzone/react-dropzone/issues/450)<br>[https://github.com/reactjs/react-transition-group/blob/13435f897b3ab71f6e](https://github.com/reactjs/react-transition-group/blob/13435f897b3ab71f6e)<br>[https://github.com/reactjs/react-transition-group/pull/749](https://github.com/reactjs/react-transition-group/pull/749)<br>[https://github.com/recharts/recharts/issues/2143](https://github.com/recharts/recharts/issues/2143)<br>[https://github.com/recharts/recharts/issues/3669](https://github.com/recharts/recharts/issues/3669)<br>[https://github.com/recharts/recharts/pull/2925](https://github.com/recharts/recharts/pull/2925)<br>[https://github.com/recharts/recharts/pull/3327](https://github.com/recharts/recharts/pull/3327)<br>[https://github.com/reduxjs/redux-toolkit/blob/e85eb17b39a2118d859f7b7746e](https://github.com/reduxjs/redux-toolkit/blob/e85eb17b39a2118d859f7b7746e)<br>[https://github.com/reduxjs/redux-toolkit/discussions/1648](https://github.com/reduxjs/redux-toolkit/discussions/1648)<br>[https://github.com/remarkjs/react-markdown/blob/main/changelog.md](https://github.com/remarkjs/react-markdown/blob/main/changelog.md)<br>[https://github.com/remarkjs/react-markdown/issues/576](https://github.com/remarkjs/react-markdown/issues/576)<br>[https://github.com/remarkjs/remark-react/issues/64](https://github.com/remarkjs/remark-react/issues/64)<br>[https://github.com/remix-run/history/tree/main/docs/api-reference.md](https://github.com/remix-run/history/tree/main/docs/api-reference.md)<br>[https://github.com/remix-run/react-router/issues/10579](https://github.com/remix-run/react-router/issues/10579)<br>[https://github.com/remix-run/react-router/issues/11052](https://github.com/remix-run/react-router/issues/11052)<br>[https://github.com/remix-run/remix/issues/927](https://github.com/remix-run/remix/issues/927)<br>[https://github.com/request/request/search?q=ESOCKETTIMEDOUT](https://github.com/request/request/search?q=ESOCKETTIMEDOUT)<br>[https://github.com/sdecima/javascript-detect-element-resize](https://github.com/sdecima/javascript-detect-element-resize)<br>[https://github.com/siefkenj/](https://github.com/siefkenj/)<br>[https://github.com/sindresorhus/github-markdown-css](https://github.com/sindresorhus/github-markdown-css)<br>[https://github.com/sindresorhus/got/pull/537](https://github.com/sindresorhus/got/pull/537)<br>[https://github.com/sindresorhus/serialize-error](https://github.com/sindresorhus/serialize-error)<br>[https://github.com/sindresorhus/type-fest](https://github.com/sindresorhus/type-fest)<br>[https://github.com/stefslon](https://github.com/stefslon)<br>[https://github.com/syntax-tree/mdast-util-definitions/blob/8290999/index.](https://github.com/syntax-tree/mdast-util-definitions/blob/8290999/index.)<br>[https://github.com/syntax-tree/mdast-util-footnote](https://github.com/syntax-tree/mdast-util-footnote)<br>[https://github.com/tc39/proposal-observable](https://github.com/tc39/proposal-observable)<br>[https://github.com/tc39/proposal-shadowrealm/pull/384](https://github.com/tc39/proposal-shadowrealm/pull/384)<br>[https://github.com/thysultan/stylis.js/tree/v3.5.4](https://github.com/thysultan/stylis.js/tree/v3.5.4)<br>[https://github.com/ungap/url-search-params](https://github.com/ungap/url-search-params)<br>[https://github.com/urfave/cli/blob/master/CHANGELOG.mdoperation](https://github.com/urfave/cli/blob/master/CHANGELOG.mdoperation)<br>[https://github.com/visionmedia/css-parse/pull/49](https://github.com/visionmedia/css-parse/pull/49)<br>[https://github.com/visionmedia/superagent](https://github.com/visionmedia/superagent)<br>[https://github.com/warrenweckesser](https://github.com/warrenweckesser)<br>[https://github.com/wojtekmaj/react-pdf](https://github.com/wojtekmaj/react-pdf)<br>[https://github.com/woolfg](https://github.com/woolfg)<br>[https://github.com/wooorm/bcp-47](https://github.com/wooorm/bcp-47)<br>[https://github.com/wooorm/svg-element-attributes](https://github.com/wooorm/svg-element-attributes)<br>[https://github.com/zalmoxisus/remotedev-serialize/blob/master/helpers/ind](https://github.com/zalmoxisus/remotedev-serialize/blob/master/helpers/ind)<br>[https://github.com/zalmoxisus/remotedev-serialize/blob/master/immutable/s](https://github.com/zalmoxisus/remotedev-serialize/blob/master/immutable/s)<br>[https://graph.chinacloudapi.cn/https](https://graph.chinacloudapi.cn/https)<br>[https://graph.cloudapi.de/https](https://graph.cloudapi.de/https)<br>[https://graph.microsoft.com/https](https://graph.microsoft.com/https)<br>[https://graph.microsoft.us/https](https://graph.microsoft.us/https)<br>[https://graph.windows.net/mariadb.database.azure.comhttps](https://graph.windows.net/mariadb.database.azure.comhttps)<br>[https://hertzen.com](https://hertzen.com)<br>[https://html.spec.whatwg.org/multipage/dnd.html](https://html.spec.whatwg.org/multipage/dnd.html)<br>[https://html.spec.whatwg.org/multipage/form-control-infrastructure.html](https://html.spec.whatwg.org/multipage/form-control-infrastructure.html)<br>[https://html.spec.whatwg.org/multipage/nav-history-apis.html](https://html.spec.whatwg.org/multipage/nav-history-apis.html)<br>[https://html.spec.whatwg.org/multipage/parsing.html](https://html.spec.whatwg.org/multipage/parsing.html)<br>[https://html.spec.whatwg.org/multipage/structured-data.html](https://html.spec.whatwg.org/multipage/structured-data.html)<br>[https://html2canvas.hertzen.com](https://html2canvas.hertzen.com)<br>[https://httpwg.org/specs/rfc9110.html](https://httpwg.org/specs/rfc9110.html)<br>[https://i.ytimg.com/an_webp/7EJO_iRiB2s/mqdefault_6s.webp?du=3000](https://i.ytimg.com/an_webp/7EJO_iRiB2s/mqdefault_6s.webp?du=3000)<br>[https://i.ytimg.com/an_webp/UGROqu7mYJs/mqdefault_6s.webp?du=3000](https://i.ytimg.com/an_webp/UGROqu7mYJs/mqdefault_6s.webp?du=3000)<br>[https://i.ytimg.com/an_webp/Yh_1grPSBjw/mqdefault_6s.webp?du=3000](https://i.ytimg.com/an_webp/Yh_1grPSBjw/mqdefault_6s.webp?du=3000)<br>[https://i.ytimg.com/an_webp/Zyc-xhNcPco/mqdefault_6s.webp?du=3000](https://i.ytimg.com/an_webp/Zyc-xhNcPco/mqdefault_6s.webp?du=3000)<br>[https://i.ytimg.com/an_webp/_ZEjm4bPgVI/mqdefault_6s.webp?du=3000](https://i.ytimg.com/an_webp/_ZEjm4bPgVI/mqdefault_6s.webp?du=3000)<br>[https://i.ytimg.com/an_webp/mv8I1wvTCrE/mqdefault_6s.webp?du=3000](https://i.ytimg.com/an_webp/mv8I1wvTCrE/mqdefault_6s.webp?du=3000)<br>[https://i.ytimg.com/vi/-PjTSwLB8ZA/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/-PjTSwLB8ZA/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/0PgMxz0HauA/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/0PgMxz0HauA/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/5fz3rE3wjGg/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/5fz3rE3wjGg/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/5ptKrZzOs4c/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/5ptKrZzOs4c/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/89vnToCcoAw/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/89vnToCcoAw/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/A3vCDaFWNNs/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/A3vCDaFWNNs/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/BLTlaOvVCSg/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/BLTlaOvVCSg/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/CrBjB7vbI7M/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/CrBjB7vbI7M/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/Exg2KsfzHzI/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/Exg2KsfzHzI/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/G4wQZEsIxcU/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/G4wQZEsIxcU/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/Hk9Z-sltUu8/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/Hk9Z-sltUu8/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/Iz8ChZ7FRrw/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/Iz8ChZ7FRrw/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/KiWWVgfuulU/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/KiWWVgfuulU/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/Oix9iXndSUY/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/Oix9iXndSUY/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/QniHMNNmbfI/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/QniHMNNmbfI/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/UuxqnUgowyg/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/UuxqnUgowyg/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/XGOiwV6Cbuk/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/XGOiwV6Cbuk/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/bZsNxeuzmYc/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/bZsNxeuzmYc/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/dLSBuVG7Y3k/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/dLSBuVG7Y3k/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/iCxcv4_j35M/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/iCxcv4_j35M/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/nFUI2N5zH34/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/nFUI2N5zH34/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/sJEFAVqoKr0/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/sJEFAVqoKr0/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/thNus-DL1u4/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/thNus-DL1u4/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://i.ytimg.com/vi/vdHv9wfhu24/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/vdHv9wfhu24/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/z2bRoMrQxv0/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy](https://i.ytimg.com/vi/z2bRoMrQxv0/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXy)<br>[https://i.ytimg.com/vi/zqjsw4O2-4U/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry](https://i.ytimg.com/vi/zqjsw4O2-4U/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFry)<br>[https://iamcredentials..](https://iamcredentials..)<br>[https://iamcredentials.UNIVERSE_DOMAIN/error](https://iamcredentials.UNIVERSE_DOMAIN/error)<br>[https://iamcredentials.googleapis.com/invalid](https://iamcredentials.googleapis.com/invalid)<br>[https://iamcredentials.googleapis.com/v1/](https://iamcredentials.googleapis.com/v1/)<br>[https://iamcredentials.mtls.googleapis.com/urn](https://iamcredentials.mtls.googleapis.com/urn)<br>[https://identity-provider-url/.well-known/openid-configuration](https://identity-provider-url/.well-known/openid-configuration)<br>[https://images.unsplash.com/photo-1428660285748-340f4e33d608?crop=entropy](https://images.unsplash.com/photo-1428660285748-340f4e33d608?crop=entropy)<br>[https://images.unsplash.com/photo-1522932753915-9ee97e43e3d9?crop=entropy](https://images.unsplash.com/photo-1522932753915-9ee97e43e3d9?crop=entropy)<br>[https://images.unsplash.com/photo-1523961131990-5ea7c61b2107?crop=entropy](https://images.unsplash.com/photo-1523961131990-5ea7c61b2107?crop=entropy)<br>[https://images.unsplash.com/photo-1531185907801-2771c11ab782?crop=entropy](https://images.unsplash.com/photo-1531185907801-2771c11ab782?crop=entropy)<br>[https://images.unsplash.com/photo-1548197193-2c2df590e23f?crop=entropy](https://images.unsplash.com/photo-1548197193-2c2df590e23f?crop=entropy)<br>[https://images.unsplash.com/photo-1571907483086-3c0ea40cc16d?crop=entropy](https://images.unsplash.com/photo-1571907483086-3c0ea40cc16d?crop=entropy)<br>[https://images.unsplash.com/photo-1597386601945-8980df52c3dc?crop=entropy](https://images.unsplash.com/photo-1597386601945-8980df52c3dc?crop=entropy)<br>[https://images.unsplash.com/photo-1611783569248-a82ec2e72c67?crop=entropy](https://images.unsplash.com/photo-1611783569248-a82ec2e72c67?crop=entropy)<br>[https://infra.spec.whatwg.org/](https://infra.spec.whatwg.org/)<br>[https://kubernetes.default.svc/versionfailed](https://kubernetes.default.svc/versionfailed)<br>[https://login.chinacloudapi.cn/https](https://login.chinacloudapi.cn/https)<br>[https://login.microsoftonline.com/https](https://login.microsoftonline.com/https)<br>[https://login.microsoftonline.de/storage](https://login.microsoftonline.de/storage)<br>[https://login.microsoftonline.us/https](https://login.microsoftonline.us/https)<br>[https://man7.org/linux/man-pages/man1/df.1.html](https://man7.org/linux/man-pages/man1/df.1.html)<br>[https://manage.chinacloudapi.com/https](https://manage.chinacloudapi.com/https)<br>[https://manage.chinacloudapi.com/publishsettings/indexhttps](https://manage.chinacloudapi.com/publishsettings/indexhttps)<br>[https://manage.microsoftazure.de/publishsettings/indexunable](https://manage.microsoftazure.de/publishsettings/indexunable)<br>[https://manage.windowsazure.com/https](https://manage.windowsazure.com/https)<br>[https://manage.windowsazure.com/publishsettings/indexstorage](https://manage.windowsazure.com/publishsettings/indexstorage)<br>[https://manage.windowsazure.us/https](https://manage.windowsazure.us/https)<br>[https://manage.windowsazure.us/publishsettings/indexfailed](https://manage.windowsazure.us/publishsettings/indexfailed)<br>[https://managedhsm.azure.net/https](https://managedhsm.azure.net/https)<br>[https://managedhsm.azure.netservicebus.usgovcloudapi.nethttps](https://managedhsm.azure.netservicebus.usgovcloudapi.nethttps)<br>[https://management.azure.com/https](https://management.azure.com/https)<br>[https://management.chinacloudapi.cn/https](https://management.chinacloudapi.cn/https)<br>[https://management.core.chinacloudapi.cn/https](https://management.core.chinacloudapi.cn/https)<br>[https://management.core.cloudapi.de/cloud.google.com/go/storage.ACL.Listu](https://management.core.cloudapi.de/cloud.google.com/go/storage.ACL.Listu)<br>[https://management.core.usgovcloudapi.net/https](https://management.core.usgovcloudapi.net/https)<br>[https://management.core.windows.net/https](https://management.core.windows.net/https)<br>[https://management.microsoftazure.de/empty](https://management.microsoftazure.de/empty)<br>[https://management.usgovcloudapi.net/https](https://management.usgovcloudapi.net/https)<br>[https://mathiasbynens.be/notes/javascript-unicode](https://mathiasbynens.be/notes/javascript-unicode)<br>[https://mdn.io/Number/isNaN](https://mdn.io/Number/isNaN)<br>[https://mdn.io/isNaN](https://mdn.io/isNaN)<br>[https://mermaid.live/edit](https://mermaid.live/edit)<br>[https://microsoftgraph.chinacloudapi.cn/storage](https://microsoftgraph.chinacloudapi.cn/storage)<br>[https://microsoftgraph.chinacloudapi.cnstorage](https://microsoftgraph.chinacloudapi.cnstorage)<br>[https://min.io/?ref=con](https://min.io/?ref=con)<br>[https://min.io/compliance?ref=con](https://min.io/compliance?ref=con)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/bucket-repli](https://min.io/docs/minio/kubernetes/upstream/administration/bucket-repli)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/console/mana](https://min.io/docs/minio/kubernetes/upstream/administration/console/mana)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/identity-acc](https://min.io/docs/minio/kubernetes/upstream/administration/identity-acc)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/minio-consol](https://min.io/docs/minio/kubernetes/upstream/administration/minio-consol)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/monitoring.h](https://min.io/docs/minio/kubernetes/upstream/administration/monitoring.h)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/monitoring/b](https://min.io/docs/minio/kubernetes/upstream/administration/monitoring/b)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/object-manag](https://min.io/docs/minio/kubernetes/upstream/administration/object-manag)<br>[https://min.io/docs/minio/kubernetes/upstream/administration/server-side-](https://min.io/docs/minio/kubernetes/upstream/administration/server-side-)<br>[https://min.io/docs/minio/kubernetes/upstream/glossary.html](https://min.io/docs/minio/kubernetes/upstream/glossary.html)<br>[https://min.io/docs/minio/kubernetes/upstream/index.html?ref=con](https://min.io/docs/minio/kubernetes/upstream/index.html?ref=con)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/concepts.html](https://min.io/docs/minio/kubernetes/upstream/operations/concepts.html)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/concepts/erasure](https://min.io/docs/minio/kubernetes/upstream/operations/concepts/erasure)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/external-iam.htm](https://min.io/docs/minio/kubernetes/upstream/operations/external-iam.htm)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/external-iam/con](https://min.io/docs/minio/kubernetes/upstream/operations/external-iam/con)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-m](https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-m)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/monitoring.html](https://min.io/docs/minio/kubernetes/upstream/operations/monitoring.html)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/monitoring/metri](https://min.io/docs/minio/kubernetes/upstream/operations/monitoring/metri)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/monitoring/minio](https://min.io/docs/minio/kubernetes/upstream/operations/monitoring/minio)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/troubleshooting.](https://min.io/docs/minio/kubernetes/upstream/operations/troubleshooting.)<br>[https://min.io/docs/minio/kubernetes/upstream/operations/troubleshooting/](https://min.io/docs/minio/kubernetes/upstream/operations/troubleshooting/)<br>[https://min.io/docs/minio/linux/administration/bucket-replication.html?re](https://min.io/docs/minio/linux/administration/bucket-replication.html?re)<br>[https://min.io/docs/minio/linux/administration/console/security-and-acces](https://min.io/docs/minio/linux/administration/console/security-and-acces)<br>[https://min.io/docs/minio/linux/administration/console/subnet-registratio](https://min.io/docs/minio/linux/administration/console/subnet-registratio)<br>[https://min.io/docs/minio/linux/administration/identity-access-management](https://min.io/docs/minio/linux/administration/identity-access-management)<br>[https://min.io/docs/minio/linux/administration/monitoring.html](https://min.io/docs/minio/linux/administration/monitoring.html)<br>[https://min.io/docs/minio/linux/administration/monitoring/bucket-notifica](https://min.io/docs/minio/linux/administration/monitoring/bucket-notifica)<br>[https://min.io/docs/minio/linux/administration/monitoring/publish-events-](https://min.io/docs/minio/linux/administration/monitoring/publish-events-)<br>[https://min.io/docs/minio/linux/administration/object-management.html](https://min.io/docs/minio/linux/administration/object-management.html)<br>[https://min.io/docs/minio/linux/administration/object-management/object-l](https://min.io/docs/minio/linux/administration/object-management/object-l)<br>[https://min.io/docs/minio/linux/developers/transforms-with-object-lambda.](https://min.io/docs/minio/linux/developers/transforms-with-object-lambda.)<br>[https://min.io/docs/minio/linux/glossary.html](https://min.io/docs/minio/linux/glossary.html)<br>[https://min.io/docs/minio/linux/index.html?ref=con](https://min.io/docs/minio/linux/index.html?ref=con)<br>[https://min.io/docs/minio/linux/index.htmlinvalid](https://min.io/docs/minio/linux/index.htmlinvalid)<br>[https://min.io/docs/minio/linux/operations/concepts/erasure-coding.htmlfo](https://min.io/docs/minio/linux/operations/concepts/erasure-coding.htmlfo)<br>[https://min.io/docs/minio/linux/operations/external-iam.html?ref=con](https://min.io/docs/minio/linux/operations/external-iam.html?ref=con)<br>[https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-m](https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-m)<br>[https://min.io/docs/minio/linux/operations/install-deploy-manage/migrate-](https://min.io/docs/minio/linux/operations/install-deploy-manage/migrate-)<br>[https://min.io/docs/minio/linux/operations/install-deploy-manage/multi-si](https://min.io/docs/minio/linux/operations/install-deploy-manage/multi-si)<br>[https://min.io/docs/minio/linux/operations/monitoring.html](https://min.io/docs/minio/linux/operations/monitoring.html)<br>[https://min.io/docs/minio/linux/operations/monitoring/collect-minio-metri](https://min.io/docs/minio/linux/operations/monitoring/collect-minio-metri)<br>[https://min.io/docs/minio/linux/operations/monitoring/minio-logging.html](https://min.io/docs/minio/linux/operations/monitoring/minio-logging.html)<br>[https://min.io/docs/minio/linux/operations/network-encryption.html](https://min.io/docs/minio/linux/operations/network-encryption.html)<br>[https://min.io/docs/minio/linux/operations/troubleshooting.html](https://min.io/docs/minio/linux/operations/troubleshooting.html)<br>[https://min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-config.](https://min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-config.)<br>[https://min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-heal.ht](https://min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-heal.ht)<br>[https://min.io/docs/minio/linux/reference/minio-mc.html](https://min.io/docs/minio/linux/reference/minio-mc.html)<br>[https://min.io/docs/minio/linux/reference/minio-mc/mc-anonymous-set.html](https://min.io/docs/minio/linux/reference/minio-mc/mc-anonymous-set.html)<br>[https://min.io/docs/minio/linux/reference/minio-mc/mc-du.html](https://min.io/docs/minio/linux/reference/minio-mc/mc-du.html)<br>[https://min.io/docs/minio/linux/reference/minio-mc/mc-mb.html](https://min.io/docs/minio/linux/reference/minio-mc/mc-mb.html)<br>[https://min.io/docs/minio/linux/reference/minio-mc/mc-quota-set.html](https://min.io/docs/minio/linux/reference/minio-mc/mc-quota-set.html)<br>[https://min.io/docs/minio/linux/reference/minio-mc/mc-sql.html](https://min.io/docs/minio/linux/reference/minio-mc/mc-sql.html)<br>[https://min.io/docs/minio/linux/reference/minio-server/minio-server.html](https://min.io/docs/minio/linux/reference/minio-server/minio-server.html)<br>[https://min.io/docs/minio/macos/administration/object-management.html](https://min.io/docs/minio/macos/administration/object-management.html)<br>[https://min.io/docs/minio/macos/administration/object-management/object-r](https://min.io/docs/minio/macos/administration/object-management/object-r)<br>[https://min.io/docs/minio/macos/operations/install-deploy-manage/deploy-m](https://min.io/docs/minio/macos/operations/install-deploy-manage/deploy-m)<br>[https://min.io/docs/minio/windows/administration/bucket-replication.html](https://min.io/docs/minio/windows/administration/bucket-replication.html)<br>[https://min.io/docs/minio/windows/administration/console/managing-deploym](https://min.io/docs/minio/windows/administration/console/managing-deploym)<br>[https://min.io/docs/minio/windows/administration/object-management/object](https://min.io/docs/minio/windows/administration/object-management/object)<br>[https://min.io/docs/minio/windows/administration/object-management/transi](https://min.io/docs/minio/windows/administration/object-management/transi)<br>[https://min.io/docs/minio/windows/operations/concepts.html](https://min.io/docs/minio/windows/operations/concepts.html)<br>[https://min.io/docs/minio/windows/operations/data-recovery.html](https://min.io/docs/minio/windows/operations/data-recovery.html)<br>[https://min.io/docs/minio/windows/operations/data-recovery/recover-after-](https://min.io/docs/minio/windows/operations/data-recovery/recover-after-)<br>[https://min.io/docs/minio/windows/operations/monitoring/minio-logging.htm](https://min.io/docs/minio/windows/operations/monitoring/minio-logging.htm)<br>[https://min.io/download/?ref=con](https://min.io/download/?ref=con)<br>[https://min.io/product/subnet?ref=con](https://min.io/product/subnet?ref=con)<br>[https://min.io/resources/img/logo/MINIO_wordmark.png](https://min.io/resources/img/logo/MINIO_wordmark.png)<br>[https://min.io/signup.](https://min.io/signup.)<br>[https://min.io/signup?ref=con](https://min.io/signup?ref=con)<br>[https://min.io/signup?ref=mc](https://min.io/signup?ref=mc)<br>[https://min.io/subscriptionclient/coordinator](https://min.io/subscriptionclient/coordinator)<br>[https://min.io/videos?ref=con](https://min.io/videos?ref=con)<br>[https://minio.example.com](https://minio.example.com)<br>[https://moment.github.io/luxon/](https://moment.github.io/luxon/)<br>[https://nodejs.org/api/http.html](https://nodejs.org/api/http.html)<br>[https://notify.endpoint](https://notify.endpoint)<br>[https://oauth2.googleapis.com/device/codeauth](https://oauth2.googleapis.com/device/codeauth)<br>[https://oauth2.googleapis.com/tokenoauth2/google](https://oauth2.googleapis.com/tokenoauth2/google)<br>[https://oauth2.mtls.googleapis.com/tokenedwards25519](https://oauth2.mtls.googleapis.com/tokenedwards25519)<br>[https://ossrdbms-aad.database.chinacloudapi.cnhttps](https://ossrdbms-aad.database.chinacloudapi.cnhttps)<br>[https://ossrdbms-aad.database.cloudapi.decloud.google.com/go/storage.Buck](https://ossrdbms-aad.database.cloudapi.decloud.google.com/go/storage.Buck)<br>[https://ossrdbms-aad.database.usgovcloudapi.nethttps](https://ossrdbms-aad.database.usgovcloudapi.nethttps)<br>[https://ossrdbms-aad.database.windows.nethttps](https://ossrdbms-aad.database.windows.nethttps)<br>[https://pkg.go.dev/cloud.google.com/go/storage](https://pkg.go.dev/cloud.google.com/go/storage)<br>[https://play.min.ioparsing](https://play.min.ioparsing)<br>[https://polyfill.io/v3/](https://polyfill.io/v3/)<br>[https://protobuf.dev/reference/go/faq](https://protobuf.dev/reference/go/faq)<br>[https://rawgit.com/w3c/input-events/v1/index.html](https://rawgit.com/w3c/input-events/v1/index.html)<br>[https://reactcommunity.org/react-transition-group/css-transition](https://reactcommunity.org/react-transition-group/css-transition)<br>[https://reactjs.org/docs/error-decoder.html?invariant=](https://reactjs.org/docs/error-decoder.html?invariant=)<br>[https://reactjs.org/docs/events.html](https://reactjs.org/docs/events.html)<br>[https://reactjs.org/docs/hooks-reference.html](https://reactjs.org/docs/hooks-reference.html)<br>[https://reactrouter.com/components/navigate](https://reactrouter.com/components/navigate)<br>[https://reactrouter.com/components/outlet](https://reactrouter.com/components/outlet)<br>[https://reactrouter.com/components/routes](https://reactrouter.com/components/routes)<br>[https://reactrouter.com/hooks/use-href](https://reactrouter.com/hooks/use-href)<br>[https://reactrouter.com/hooks/use-in-router-context](https://reactrouter.com/hooks/use-in-router-context)<br>[https://reactrouter.com/hooks/use-location](https://reactrouter.com/hooks/use-location)<br>[https://reactrouter.com/hooks/use-match](https://reactrouter.com/hooks/use-match)<br>[https://reactrouter.com/hooks/use-navigate](https://reactrouter.com/hooks/use-navigate)<br>[https://reactrouter.com/hooks/use-navigation-type](https://reactrouter.com/hooks/use-navigation-type)<br>[https://reactrouter.com/hooks/use-outlet-context](https://reactrouter.com/hooks/use-outlet-context)<br>[https://reactrouter.com/hooks/use-params](https://reactrouter.com/hooks/use-params)<br>[https://reactrouter.com/hooks/use-resolved-path](https://reactrouter.com/hooks/use-resolved-path)<br>[https://reactrouter.com/hooks/use-routes](https://reactrouter.com/hooks/use-routes)<br>[https://reactrouter.com/router-components/memory-router](https://reactrouter.com/router-components/memory-router)<br>[https://reactrouter.com/router-components/router](https://reactrouter.com/router-components/router)<br>[https://reactrouter.com/routers/picking-a-router.](https://reactrouter.com/routers/picking-a-router.)<br>[https://reactrouter.com/utils/create-routes-from-children](https://reactrouter.com/utils/create-routes-from-children)<br>[https://reactrouter.com/utils/generate-path](https://reactrouter.com/utils/generate-path)<br>[https://reactrouter.com/utils/match-path](https://reactrouter.com/utils/match-path)<br>[https://reactrouter.com/utils/match-routes](https://reactrouter.com/utils/match-routes)<br>[https://reactrouter.com/utils/resolve-path](https://reactrouter.com/utils/resolve-path)<br>[https://redux-toolkit.js.org/api/createReducer](https://redux-toolkit.js.org/api/createReducer)<br>[https://redux-toolkit.js.org/api/createSlice](https://redux-toolkit.js.org/api/createSlice)<br>[https://redux-toolkit.js.org/api/getDefaultMiddleware](https://redux-toolkit.js.org/api/getDefaultMiddleware)<br>[https://redux.js.org/Errors?code=](https://redux.js.org/Errors?code=)<br>[https://redux.js.org/api/store](https://redux.js.org/api/store)<br>[https://redux.js.org/introduction/why-rtk-is-redux-today](https://redux.js.org/introduction/why-rtk-is-redux-today)<br>[https://redux.js.org/tutorials/fundamentals/part-4-store](https://redux.js.org/tutorials/fundamentals/part-4-store)<br>[https://redux.js.org/tutorials/fundamentals/part-6-async-logic](https://redux.js.org/tutorials/fundamentals/part-6-async-logic)<br>[https://redux.js.org/usage/deriving-data-selectors](https://redux.js.org/usage/deriving-data-selectors)<br>[https://s-c.sh/2BAXzed](https://s-c.sh/2BAXzed)<br>[https://s3.amazonaws.com/v3/info-service-account](https://s3.amazonaws.com/v3/info-service-account)<br>[https://s3.amazonaws.comignores](https://s3.amazonaws.comignores)<br>[https://searchfox.org/mozilla-central/rev/4a590a5a15e35d88a3b23dd6ac3c471](https://searchfox.org/mozilla-central/rev/4a590a5a15e35d88a3b23dd6ac3c471)<br>[https://servicebus.azure.net/https](https://servicebus.azure.net/https)<br>[https://servicebus.chinacloudapi.cn/https](https://servicebus.chinacloudapi.cn/https)<br>[https://servicebus.cloudapi.de/https](https://servicebus.cloudapi.de/https)<br>[https://servicebus.usgovcloudapi.net/https](https://servicebus.usgovcloudapi.net/https)<br>[https://servicebus.windows.net/https](https://servicebus.windows.net/https)<br>[https://slack.min.ioMINIO_API_REPLICATION_WORKERS](https://slack.min.ioMINIO_API_REPLICATION_WORKERS)<br>[https://spec.commonmark.org/0.30/](https://spec.commonmark.org/0.30/)<br>[https://stackoverflow.com/a/25340456](https://stackoverflow.com/a/25340456)<br>[https://stackoverflow.com/a/51127130/4671932](https://stackoverflow.com/a/51127130/4671932)<br>[https://stackoverflow.com/questions/13382516/getting-scroll-bar-width-usi](https://stackoverflow.com/questions/13382516/getting-scroll-bar-width-usi)<br>[https://stackoverflow.com/questions/588004/is-floating-point-math-broken](https://stackoverflow.com/questions/588004/is-floating-point-math-broken)<br>[https://stackoverflow.com/questions/59694142/regex-testvalue-returns-true](https://stackoverflow.com/questions/59694142/regex-testvalue-returns-true)<br>[https://storage.UNIVERSE_DOMAIN/storage/v1/gccl-invocation-id/](https://storage.UNIVERSE_DOMAIN/storage/v1/gccl-invocation-id/)<br>[https://storage.azure.com/database.usgovcloudapi.netcloudapp.usgovcloudap](https://storage.azure.com/database.usgovcloudapi.netcloudapp.usgovcloudap)<br>[https://storage.googleapis.com/duplicate](https://storage.googleapis.com/duplicate)<br>[https://storage.googleapis.com/storage/v1/b/](https://storage.googleapis.com/storage/v1/b/)<br>[https://storage.mtls.googleapis.com/storage/v1/storage](https://storage.mtls.googleapis.com/storage/v1/storage)<br>[https://sts.UNIVERSE_DOMAIN/v1/tokenurn](https://sts.UNIVERSE_DOMAIN/v1/tokenurn)<br>[https://sts.amazonaws.com/doc/2011-06-15/](https://sts.amazonaws.com/doc/2011-06-15/)<br>[https://sts.amazonaws.comblake2b](https://sts.amazonaws.comblake2b)<br>[https://sts.reset](https://sts.reset)<br>[https://subnet.min.io/?ref=con](https://subnet.min.io/?ref=con)<br>[https://subnet.min.io/cluster/register?token=](https://subnet.min.io/cluster/register?token=)<br>[https://subnet.min.io/terms-and-conditions/](https://subnet.min.io/terms-and-conditions/)<br>[https://subnet.min.iohttp](https://subnet.min.iohttp)<br>[https://tools.ietf.org/html/rfc2324](https://tools.ietf.org/html/rfc2324)<br>[https://tools.ietf.org/html/rfc2518](https://tools.ietf.org/html/rfc2518)<br>[https://tools.ietf.org/html/rfc5322](https://tools.ietf.org/html/rfc5322)<br>[https://tools.ietf.org/html/rfc6585](https://tools.ietf.org/html/rfc6585)<br>[https://tools.ietf.org/html/rfc7231](https://tools.ietf.org/html/rfc7231)<br>[https://tools.ietf.org/html/rfc7232](https://tools.ietf.org/html/rfc7232)<br>[https://tools.ietf.org/html/rfc7233](https://tools.ietf.org/html/rfc7233)<br>[https://tools.ietf.org/html/rfc7235](https://tools.ietf.org/html/rfc7235)<br>[https://tools.ietf.org/html/rfc7538](https://tools.ietf.org/html/rfc7538)<br>[https://tools.ietf.org/html/rfc7725](https://tools.ietf.org/html/rfc7725)<br>[https://tools.ietf.org/rfcdiff?difftype=--hwdiff](https://tools.ietf.org/rfcdiff?difftype=--hwdiff)<br>[https://twitter.com/dan_abramov/status/770914221638942720](https://twitter.com/dan_abramov/status/770914221638942720)<br>[https://unpkg.com/detect-gpu@5.0.38/dist/benchmarks](https://unpkg.com/detect-gpu@5.0.38/dist/benchmarks)<br>[https://unpkg.com/rapidoc/dist/rapidoc-min.jsdisplay](https://unpkg.com/rapidoc/dist/rapidoc-min.jsdisplay)<br>[https://unpkg.com/swagger-ui-dist/favicon-16x16.pnghttps](https://unpkg.com/swagger-ui-dist/favicon-16x16.pnghttps)<br>[https://unpkg.com/swagger-ui-dist/favicon-32x32.pngadditionally](https://unpkg.com/swagger-ui-dist/favicon-32x32.pngadditionally)<br>[https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.jsfactor](https://unpkg.com/swagger-ui-dist/swagger-ui-bundle.jsfactor)<br>[https://unpkg.com/swagger-ui-dist/swagger-ui-standalone-preset.jsunable](https://unpkg.com/swagger-ui-dist/swagger-ui-standalone-preset.jsunable)<br>[https://unpkg.com/swagger-ui-dist/swagger-ui.cssunexpected](https://unpkg.com/swagger-ui-dist/swagger-ui.cssunexpected)<br>[https://vault.azure.cn/vault.microsoftazure.deRetentionExpirationTimerete](https://vault.azure.cn/vault.microsoftazure.deRetentionExpirationTimerete)<br>[https://vault.azure.cnazuretrafficmanager.deservicebus.cloudapi.deAZUREUS](https://vault.azure.cnazuretrafficmanager.deservicebus.cloudapi.deAZUREUS)<br>[https://vault.azure.net/mysql.database.azure.comhttps](https://vault.azure.net/mysql.database.azure.comhttps)<br>[https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttp](https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttp)<br>[https://vault.microsoftazure.de/reflect](https://vault.microsoftazure.de/reflect)<br>[https://vault.microsoftazure.dereflect](https://vault.microsoftazure.dereflect)<br>[https://vault.usgovcloudapi.net/mysql.database.usgovcloudapi.nethttp](https://vault.usgovcloudapi.net/mysql.database.usgovcloudapi.nethttp)<br>[https://vault.usgovcloudapi.nethttps](https://vault.usgovcloudapi.nethttps)<br>[https://vecta.io/nano](https://vecta.io/nano)<br>[https://warm-minio-1.com](https://warm-minio-1.com)<br>[https://warm-minio-2.com](https://warm-minio-2.com)<br>[https://warm-minio.com](https://warm-minio.com)<br>[https://www.electronjs.org/docs/api/process](https://www.electronjs.org/docs/api/process)<br>[https://www.fsf.org/](https://www.fsf.org/)<br>[https://www.gnu.org/licenses/agpl-3.0.en.html](https://www.gnu.org/licenses/agpl-3.0.en.html)<br>[https://www.gnu.org/licenses/agpl-3.0.html.](https://www.gnu.org/licenses/agpl-3.0.html.)<br>[https://www.gnu.org/licenses/agpl-3.0.htmlTotal](https://www.gnu.org/licenses/agpl-3.0.htmlTotal)<br>[https://www.gnu.org/licenses/agpl-3.0.txt](https://www.gnu.org/licenses/agpl-3.0.txt)<br>[https://www.gnu.org/licenses/gpl-faq.en.html](https://www.gnu.org/licenses/gpl-faq.en.html)<br>[https://www.googleapis.com/auth/cloud-platform.read-onlyduration](https://www.googleapis.com/auth/cloud-platform.read-onlyduration)<br>[https://www.googleapis.com/auth/cloud-platformstorage](https://www.googleapis.com/auth/cloud-platformstorage)<br>[https://www.googleapis.com/auth/devstorage.full_controlstorage](https://www.googleapis.com/auth/devstorage.full_controlstorage)<br>[https://www.googleapis.com/auth/devstorage.read_onlyfailed](https://www.googleapis.com/auth/devstorage.read_onlyfailed)<br>[https://www.googleapis.com/auth/devstorage.read_writeB](https://www.googleapis.com/auth/devstorage.read_writeB)<br>[https://www.googleapis.com/auth/devstorage.read_writeinsufficient](https://www.googleapis.com/auth/devstorage.read_writeinsufficient)<br>[https://www.linuxfoundation.org/hs-fs/hubfs/trademark-kubernetes-icon-cor](https://www.linuxfoundation.org/hs-fs/hubfs/trademark-kubernetes-icon-cor)<br>[https://www.particleincell.com/2012/bezier-splines/](https://www.particleincell.com/2012/bezier-splines/)<br>[https://www.rfc-editor.org/rfc/rfc8297](https://www.rfc-editor.org/rfc/rfc8297)<br>[https://www.robotstxt.org/robotstxt.html](https://www.robotstxt.org/robotstxt.html)<br>[https://www.styled-components.com/docs/advanced](https://www.styled-components.com/docs/advanced)<br>[https://www.styled-components.com/docs/basics](https://www.styled-components.com/docs/basics)<br>[https://www.typescriptlang.org/docs/handbook/2/narrowing.html](https://www.typescriptlang.org/docs/handbook/2/narrowing.html)<br>[https://www.unicode.org/versions/](https://www.unicode.org/versions/)<br>[https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html](https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html)<br>[https://www.w3.org/TR/SVG11/filters.html](https://www.w3.org/TR/SVG11/filters.html)<br>[https://www.w3.org/TR/WCAG20/](https://www.w3.org/TR/WCAG20/)<br>[https://www.w3.org/TR/css-color-4/](https://www.w3.org/TR/css-color-4/)<br>[https://www.w3.org/TR/cssom-1/](https://www.w3.org/TR/cssom-1/)<br>[https://www.w3.org/wiki/HTML/Elements/input/file](https://www.w3.org/wiki/HTML/Elements/input/file)<br>[https://www.youtube.com/watch?v=-PjTSwLB8ZA](https://www.youtube.com/watch?v=-PjTSwLB8ZA)<br>[https://www.youtube.com/watch?v=0PgMxz0HauA](https://www.youtube.com/watch?v=0PgMxz0HauA)<br>[https://www.youtube.com/watch?v=5fz3rE3wjGg](https://www.youtube.com/watch?v=5fz3rE3wjGg)<br>[https://www.youtube.com/watch?v=5ptKrZzOs4c](https://www.youtube.com/watch?v=5ptKrZzOs4c)<br>[https://www.youtube.com/watch?v=7EJO_iRiB2s](https://www.youtube.com/watch?v=7EJO_iRiB2s)<br>[https://www.youtube.com/watch?v=89vnToCcoAw](https://www.youtube.com/watch?v=89vnToCcoAw)<br>[https://www.youtube.com/watch?v=A3vCDaFWNNs](https://www.youtube.com/watch?v=A3vCDaFWNNs)<br>[https://www.youtube.com/watch?v=BLTlaOvVCSg](https://www.youtube.com/watch?v=BLTlaOvVCSg)<br>[https://www.youtube.com/watch?v=CrBjB7vbI7M](https://www.youtube.com/watch?v=CrBjB7vbI7M)<br>[https://www.youtube.com/watch?v=Exg2KsfzHzI](https://www.youtube.com/watch?v=Exg2KsfzHzI)<br>[https://www.youtube.com/watch?v=G4wQZEsIxcU](https://www.youtube.com/watch?v=G4wQZEsIxcU)<br>[https://www.youtube.com/watch?v=Hk9Z-sltUu8](https://www.youtube.com/watch?v=Hk9Z-sltUu8)<br>[https://www.youtube.com/watch?v=Iz8ChZ7FRrw](https://www.youtube.com/watch?v=Iz8ChZ7FRrw)<br>[https://www.youtube.com/watch?v=KiWWVgfuulU](https://www.youtube.com/watch?v=KiWWVgfuulU)<br>[https://www.youtube.com/watch?v=Oix9iXndSUY](https://www.youtube.com/watch?v=Oix9iXndSUY)<br>[https://www.youtube.com/watch?v=QniHMNNmbfI](https://www.youtube.com/watch?v=QniHMNNmbfI)<br>[https://www.youtube.com/watch?v=UGROqu7mYJs](https://www.youtube.com/watch?v=UGROqu7mYJs)<br>[https://www.youtube.com/watch?v=UuxqnUgowyg](https://www.youtube.com/watch?v=UuxqnUgowyg)<br>[https://www.youtube.com/watch?v=XGOiwV6Cbuk](https://www.youtube.com/watch?v=XGOiwV6Cbuk)<br>[https://www.youtube.com/watch?v=XUuJZVK-Wpw](https://www.youtube.com/watch?v=XUuJZVK-Wpw)<br>[https://www.youtube.com/watch?v=Yh_1grPSBjw](https://www.youtube.com/watch?v=Yh_1grPSBjw)<br>[https://www.youtube.com/watch?v=Zyc-xhNcPco](https://www.youtube.com/watch?v=Zyc-xhNcPco)<br>[https://www.youtube.com/watch?v=_ZEjm4bPgVI](https://www.youtube.com/watch?v=_ZEjm4bPgVI)<br>[https://www.youtube.com/watch?v=bZsNxeuzmYc](https://www.youtube.com/watch?v=bZsNxeuzmYc)<br>[https://www.youtube.com/watch?v=dLSBuVG7Y3k](https://www.youtube.com/watch?v=dLSBuVG7Y3k)<br>[https://www.youtube.com/watch?v=iCxcv4_j35M](https://www.youtube.com/watch?v=iCxcv4_j35M)<br>[https://www.youtube.com/watch?v=mv8I1wvTCrE](https://www.youtube.com/watch?v=mv8I1wvTCrE)<br>[https://www.youtube.com/watch?v=nFUI2N5zH34](https://www.youtube.com/watch?v=nFUI2N5zH34)<br>[https://www.youtube.com/watch?v=sJEFAVqoKr0](https://www.youtube.com/watch?v=sJEFAVqoKr0)<br>[https://www.youtube.com/watch?v=thNus-DL1u4](https://www.youtube.com/watch?v=thNus-DL1u4)<br>[https://www.youtube.com/watch?v=vdHv9wfhu24](https://www.youtube.com/watch?v=vdHv9wfhu24)<br>[https://www.youtube.com/watch?v=z2bRoMrQxv0](https://www.youtube.com/watch?v=z2bRoMrQxv0)<br>[https://www.youtube.com/watch?v=zqjsw4O2-4U](https://www.youtube.com/watch?v=zqjsw4O2-4U) |
+| LOW | [net/url/parse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/parse.yara#url_handle) | Handles URL strings | [RequestURI](https://github.com/search?q=RequestURI&type=code)<br>[new URL](https://github.com/search?q=new+URL&type=code) |
+| LOW | [os/env/get](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/env/get.yara#get_env_val) | Retrieve environment variable values | [env.ANSIC](https://github.com/search?q=env.ANSIC&type=code)<br>[env.NODE](https://github.com/search?q=env.NODE&type=code)<br>[env.PUBLIC](https://github.com/search?q=env.PUBLIC&type=code)<br>[env.REACT](https://github.com/search?q=env.REACT&type=code)<br>[env.RGBC](https://github.com/search?q=env.RGBC&type=code) |
+| LOW | [os/fd/epoll](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/fd/epoll.yara#epoll) | [I/O event notification facility](https://linux.die.net/man/7/epoll) | [epoll_wait](https://github.com/search?q=epoll_wait&type=code) |
+| LOW | [os/fd/read](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/fd/read.yara#py_fd_read) | reads from a file handle | [Ht(e.read()](https://github.com/search?q=Ht%28e.read%28%29&type=code)<br>[Lt(e.read()](https://github.com/search?q=Lt%28e.read%28%29&type=code)<br>[_fullReader.read()](https://github.com/search?q=_fullReader.read%28%29&type=code)<br>[_readableStream.read()](https://github.com/search?q=_readableStream.read%28%29&type=code)<br>[_reader.read()](https://github.com/search?q=_reader.read%28%29&type=code)<br>[d.read()](https://github.com/search?q=d.read%28%29&type=code)<br>[i.read()](https://github.com/search?q=i.read%28%29&type=code)<br>[this).read()](https://github.com/search?q=this%29.read%28%29&type=code)<br>[this.read()](https://github.com/search?q=this.read%28%29&type=code) |
+| LOW | [os/fd/sendfile](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/fd/sendfile.yara#sendfile) | [transfer data between file descriptors](https://man7.org/linux/man-pages/man2/sendfile.2.html) | [sendfile](https://github.com/search?q=sendfile&type=code)<br>[syscall.Sendfile](https://github.com/search?q=syscall.Sendfile&type=code) |
+| LOW | [os/fd/write](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/fd/write.yara#py_fd_write) | writes to a file handle | [H.write(B)](https://github.com/search?q=H.write%28B%29&type=code)<br>[childFlow.write(stream)](https://github.com/search?q=childFlow.write%28stream%29&type=code)<br>[document.write(n)](https://github.com/search?q=document.write%28n%29&type=code)<br>[e.write(A)](https://github.com/search?q=e.write%28A%29&type=code)<br>[e.write(r)](https://github.com/search?q=e.write%28r%29&type=code)<br>[i.write(u)](https://github.com/search?q=i.write%28u%29&type=code)<br>[internal.write(B)](https://github.com/search?q=internal.write%28B%29&type=code)<br>[internal.write(n)](https://github.com/search?q=internal.write%28n%29&type=code)<br>[o.write(t)](https://github.com/search?q=o.write%28t%29&type=code)<br>[r.write(d)](https://github.com/search?q=r.write%28d%29&type=code)<br>[r.write(s)](https://github.com/search?q=r.write%28s%29&type=code)<br>[t.write(a)](https://github.com/search?q=t.write%28a%29&type=code)<br>[tokenizer.write(stream)](https://github.com/search?q=tokenizer.write%28stream%29&type=code) |
+| LOW | [os/kernel/netlink](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/kernel/netlink.yara#netlink) | communicate with kernel services | [netlink](https://github.com/search?q=netlink&type=code) |
+| LOW | [os/time/tzinfo](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/time/tzinfo.yara#tzinfo) | Uses timezone information | [tzdata](https://github.com/search?q=tzdata&type=code) |
+| LOW | [process/chroot](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/chroot.yara#chroot) | change the location of root for the process | [chroot](https://github.com/search?q=chroot&type=code) |
+| LOW | [process/groups_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/groups-set.yara#setgroups) | set group access list | [setgroups](https://github.com/search?q=setgroups&type=code) |
+
diff --git a/tests/linux/clean/misp_sample.ndjson.log.simple b/tests/linux/clean/misp_sample.ndjson.log.simple
index e69de29bb..d19ddfdd2 100644
--- a/tests/linux/clean/misp_sample.ndjson.log.simple
+++ b/tests/linux/clean/misp_sample.ndjson.log.simple
@@ -0,0 +1,15 @@
+# linux/clean/misp_sample.ndjson.log: high
+c2/addr/ip: medium
+c2/tool_transfer/download: high
+c2/tool_transfer/os: low
+crypto/aes: low
+crypto/decrypt: low
+evasion/rootkit/refs: high
+exec/shell/command: medium
+false-positives/filebeat: low
+impact/ransom/decryptor: medium
+impact/remote_access/backdoor: medium
+malware/ref: medium
+net/ip/host_port: medium
+net/url/embedded: medium
+os/fd/multiplex: low
diff --git a/tests/linux/clean/neuvector_agent_aarch64.md b/tests/linux/clean/neuvector_agent_aarch64.md
index e69de29bb..b2d77965a 100644
--- a/tests/linux/clean/neuvector_agent_aarch64.md
+++ b/tests/linux/clean/neuvector_agent_aarch64.md
@@ -0,0 +1,152 @@
+## linux/clean/neuvector_agent_aarch64 [🟡 MEDIUM]
+
+| RISK | KEY | DESCRIPTION | EVIDENCE |
+|--|--|--|--|
+| MEDIUM | [c2/addr/ip](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/ip.yara#ip_port_mention) | mentions an IP and port | [IP](https://github.com/search?q=IP&type=code)<br>[add_port](https://github.com/search?q=add_port&type=code)<br>[attachPort](https://github.com/search?q=attachPort&type=code)<br>[clientPort](https://github.com/search?q=clientPort&type=code)<br>[cluster_ip](https://github.com/search?q=cluster_ip&type=code)<br>[del_port](https://github.com/search?q=del_port&type=code)<br>[detachPort](https://github.com/search?q=detachPort&type=code)<br>[dstPort](https://github.com/search?q=dstPort&type=code)<br>[dst_ip](https://github.com/search?q=dst_ip&type=code)<br>[dst_port](https://github.com/search?q=dst_port&type=code)<br>[exPort](https://github.com/search?q=exPort&type=code)<br>[fqdn_ip](https://github.com/search?q=fqdn_ip&type=code)<br>[global_ip](https://github.com/search?q=global_ip&type=code)<br>[hasPort](https://github.com/search?q=hasPort&type=code)<br>[hostIp](https://github.com/search?q=hostIp&type=code)<br>[hostPort](https://github.com/search?q=hostPort&type=code)<br>[host_ip](https://github.com/search?q=host_ip&type=code)<br>[host_port](https://github.com/search?q=host_port&type=code)<br>[inPort](https://github.com/search?q=inPort&type=code)<br>[in_port](https://github.com/search?q=in_port&type=code)<br>[ipPort](https://github.com/search?q=ipPort&type=code)<br>[ip_port](https://github.com/search?q=ip_port&type=code)<br>[lIp](https://github.com/search?q=lIp&type=code)<br>[local_ip](https://github.com/search?q=local_ip&type=code)<br>[local_port](https://github.com/search?q=local_port&type=code)<br>[lookupPort](https://github.com/search?q=lookupPort&type=code)<br>[nat_ip](https://github.com/search?q=nat_ip&type=code)<br>[nat_port](https://github.com/search?q=nat_port&type=code)<br>[nfq_port](https://github.com/search?q=nfq_port&type=code)<br>[pIp](https://github.com/search?q=pIp&type=code)<br>[parsePort](https://github.com/search?q=parsePort&type=code)<br>[readPort](https://github.com/search?q=readPort&type=code)<br>[remote_ip](https://github.com/search?q=remote_ip&type=code)<br>[remote_port](https://github.com/search?q=remote_port&type=code)<br>[rpcPort](https://github.com/search?q=rpcPort&type=code)<br>[serverPort](https://github.com/search?q=serverPort&type=code)<br>[server_port](https://github.com/search?q=server_port&type=code)<br>[srcPort](https://github.com/search?q=srcPort&type=code)<br>[src_ip](https://github.com/search?q=src_ip&type=code)<br>[src_port](https://github.com/search?q=src_port&type=code)<br>[srvc_port](https://github.com/search?q=srvc_port&type=code)<br>[syslog_ip](https://github.com/search?q=syslog_ip&type=code)<br>[syslog_port](https://github.com/search?q=syslog_port&type=code)<br>[tap_port](https://github.com/search?q=tap_port&type=code)<br>[unkn_ip](https://github.com/search?q=unkn_ip&type=code)<br>[unknown_ip](https://github.com/search?q=unknown_ip&type=code) |
+| MEDIUM | [c2/addr/server](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/addr/server.yara#server_address) | references a 'server address', possible C2 client | [extensionserverAddressByClientCIDRsdeletionGracePer](https://github.com/search?q=extensionserverAddressByClientCIDRsdeletionGracePer&type=code)<br>[preconditionsserverAddressincludeObjectfieldSelectorman](https://github.com/search?q=preconditionsserverAddressincludeObjectfieldSelectorman&type=code)<br>[server_address](https://github.com/search?q=server_address&type=code) |
+| MEDIUM | [c2/client](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/client.yara#clientID) | contains a client ID | [clientID](https://github.com/search?q=clientID&type=code)<br>[client_id](https://github.com/search?q=client_id&type=code) |
+| MEDIUM | [c2/tool_transfer/os](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/os.yara#multiple_os_ref) | references multiple operating systems | [Linux](https://github.com/search?q=Linux&type=code)<br>[Windows](https://github.com/search?q=Windows&type=code)<br>[http://](http://)<br>[https://](https://) |
+| MEDIUM | [collect/archives/zip](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/archives/zip.yara#zip) | Works with zip files | [archive/zip](https://github.com/search?q=archive%2Fzip&type=code) |
+| MEDIUM | [collect/databases/mysql](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/databases/mysql.yara#mysql) | accesses MySQL databases | [mysql](https://github.com/search?q=mysql&type=code) |
+| MEDIUM | [collect/databases/postgresql](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/databases/postgresql.yara#postgresql) | accesses PostgreSQL databases | [postgresql](https://github.com/search?q=postgresql&type=code) |
+| MEDIUM | [collect/databases/sqlite](https://github.com/chainguard-dev/malcontent/blob/main/rules/collect/databases/sqlite.yara#sqlite) | accesses SQLite databases | [sqlite3](https://github.com/search?q=sqlite3&type=code) |
+| MEDIUM | [credential/os/shadow](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/os/shadow.yara#etc_shadow) | accesses /etc/shadow | [/etc/shadow](https://github.com/search?q=%2Fetc%2Fshadow&type=code) |
+| MEDIUM | [credential/sniffer/bpf](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/sniffer/bpf.yara#sniffer_bpf) | BPF (Berkeley Packet Filter) | [bpf](https://github.com/search?q=bpf&type=code) |
+| MEDIUM | [credential/ssh](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/ssh/ssh.yara#ssh_folder) | [accesses SSH configuration and/or keys](https://www.sentinelone.com/blog/macos-malware-2023-a-deep-dive-into-emerging-trends-and-evolving-techniques/) | [.ssh/usr/local/binFA](https://github.com/search?q=.ssh%2Fusr%2Flocal%2FbinFA&type=code) |
+| MEDIUM | [crypto/blockchain](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/blockchain.yara#blockchain) | blockchain | [blockchain](https://github.com/search?q=blockchain&type=code) |
+| MEDIUM | [crypto/cipher](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/cipher.yara#ciphertext) | mentions 'ciphertext' | [ciphertext](https://github.com/search?q=ciphertext&type=code) |
+| MEDIUM | [crypto/encrypt](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/encrypt.yara#encrypt) | encrypts data | [EncryptPKCS1v15](https://github.com/search?q=EncryptPKCS1v15&type=code)<br>[EncryptTicket](https://github.com/search?q=EncryptTicket&type=code)<br>[NewCBCEncrypter](https://github.com/search?q=NewCBCEncrypter&type=code)<br>[cbcEncrypter](https://github.com/search?q=cbcEncrypter&type=code)<br>[d PSK binderQUICEncryptionLevel](https://github.com/search?q=d+PSK+binderQUICEncryptionLevel&type=code) |
+| MEDIUM | [data/embedded/html](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/embedded/embedded-html.yara#html) | Contains HTML content | [<html>](https://github.com/search?q=%3Chtml%3E&type=code) |
+| MEDIUM | [discover/network/mac_address](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/mac-address.yara#macaddr) | Retrieves network MAC address | [MAC address](https://github.com/search?q=MAC+address&type=code)<br>[macAddress](https://github.com/search?q=macAddress&type=code) |
+| MEDIUM | [discover/network/netstat](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/network/netstat.yara#netstat) | Uses 'netstat' for network information | [netstatmodinfonil keyde](https://github.com/search?q=netstatmodinfonil+keyde&type=code) |
+| MEDIUM | [discover/process/name](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/process/name.yara#process_name) | get the current process name | [process_name](https://github.com/search?q=process_name&type=code) |
+| MEDIUM | [discover/system/sysinfo](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/sysinfo.yara#sysinfo) | [get system information (load, swap)](https://man7.org/linux/man-pages/man2/sysinfo.2.html) | [sysinfo](https://github.com/search?q=sysinfo&type=code) |
+| MEDIUM | [evasion/bypass_security/linux/iptables](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/bypass_security/linux/iptables.yara#iptables) | [interacts with the iptables firewall](https://www.netfilter.org/projects/iptables/) | [iptables](https://github.com/search?q=iptables&type=code) |
+| MEDIUM | [evasion/file/location/var_run](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/file/location/var-run.yara#var_run_subfolder) | references subfolder within /var/run | [/var/run/crio/](https://github.com/search?q=%2Fvar%2Frun%2Fcrio%2F&type=code)<br>[/var/run/docker.sock/](https://github.com/search?q=%2Fvar%2Frun%2Fdocker.sock%2F&type=code)<br>[/var/run/dockershim.sock/](https://github.com/search?q=%2Fvar%2Frun%2Fdockershim.sock%2F&type=code)<br>[/var/run/openvswitch/](https://github.com/search?q=%2Fvar%2Frun%2Fopenvswitch%2F&type=code)<br>[/var/run/secrets/](https://github.com/search?q=%2Fvar%2Frun%2Fsecrets%2F&type=code) |
+| MEDIUM | [evasion/file/prefix](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/file/prefix/prefix.yara#static_hidden_path) | hidden path in a system directory | [/meminfo/etc/timezone/dev/.udev](https://github.com/search?q=%2Fmeminfo%2Fetc%2Ftimezone%2Fdev%2F.udev&type=code)<br>[/usr/local/bin/.nvcontainerRunnin](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2F.nvcontainerRunnin&type=code) |
+| MEDIUM | [exec/cmd](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/cmd/cmd.yara#exec) | executes a command | [evaluateRuntimeCmd](https://github.com/search?q=evaluateRuntimeCmd&type=code)<br>[isAllowIpRuntimeCommand](https://github.com/search?q=isAllowIpRuntimeCommand&type=code)<br>[isAllowRuncInitCommand](https://github.com/search?q=isAllowRuncInitCommand&type=code) |
+| MEDIUM | [exec/program](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/program/program.yara#exec_cmd_run) | executes external programs | [).CombinedOutput](https://github.com/search?q=%29.CombinedOutput&type=code)<br>[exec.(*Cmd).Run](https://github.com/search?q=exec.%28%2ACmd%29.Run&type=code) |
+| MEDIUM | [exec/shell/exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/exec.yara#calls_shell) | executes shell | [/bin/bash](https://github.com/search?q=%2Fbin%2Fbash&type=code)<br>[/bin/dash](https://github.com/search?q=%2Fbin%2Fdash&type=code)<br>[/bin/sh](https://github.com/search?q=%2Fbin%2Fsh&type=code) |
+| MEDIUM | [exec/system_controls/apparmor](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/system_controls/apparmor.yara#apparmor) | Mentions 'apparmor' | [apparmor](https://github.com/search?q=apparmor&type=code) |
+| MEDIUM | [exfil/upload](https://github.com/chainguard-dev/malcontent/blob/main/rules/exfil/upload.yara#dropbox_disk_user) | uses DropBox for cloud storage | [Dropbox](https://github.com/search?q=Dropbox&type=code) |
+| MEDIUM | [fs/attributes/set](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/attributes/set.yara#set_xattr) | [set an extended file attribute value](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/setxattr.2.html) | [setxattr](https://github.com/search?q=setxattr&type=code) |
+| MEDIUM | [fs/file/create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-create.yara#CreateFile) | create a new file | [CreateFileMode](https://github.com/search?q=CreateFileMode&type=code) |
+| MEDIUM | [fs/file/times_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-times-set.yara#utimes) | [change file last access and modification times](https://linux.die.net/man/2/utimes) | [utimes](https://github.com/search?q=utimes&type=code) |
+| MEDIUM | [fs/loopback](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/loopback.yara#dev_loopback) | access virtual block devices (loopback) | [/dev/loop%dfusermount3low](https://github.com/search?q=%2Fdev%2Floop%25dfusermount3low&type=code) |
+| MEDIUM | [fs/path/etc_hosts](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/etc-hosts.yara#etc_hosts) | references /etc/hosts | [/etc/hosts](https://github.com/search?q=%2Fetc%2Fhosts&type=code) |
+| MEDIUM | [fs/path/root](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/root.yara#root_path_val) | path reference within /root | [/root/%shostLookupOrder](https://github.com/search?q=%2Froot%2F%25shostLookupOrder&type=code)<br>[/root//proc/self/cgroup1192092895507812559604644775390625invalid](https://github.com/search?q=%2Froot%2F%2Fproc%2Fself%2Fcgroup1192092895507812559604644775390625invalid&type=code)<br>[/root/0x%08xcountsAliyunD.2.14D.3.10D.3.11D.3.12D.3.13D.3.14D.3.15D.3.](https://github.com/search?q=%2Froot%2F0x%2508xcountsAliyunD.2.14D.3.10D.3.11D.3.12D.3.13D.3.14D.3.15D.3.&type=code)<br>[/root/Switch](https://github.com/search?q=%2Froot%2FSwitch&type=code)<br>[/root/containers](https://github.com/search?q=%2Froot%2Fcontainers&type=code)<br>[/root/etc/crio/crio.conf.d/00-default.confUnable](https://github.com/search?q=%2Froot%2Fetc%2Fcrio%2Fcrio.conf.d%2F00-default.confUnable&type=code)<br>[/root/etc/crio/crio.conf.d/00-defaultRunning](https://github.com/search?q=%2Froot%2Fetc%2Fcrio%2Fcrio.conf.d%2F00-defaultRunning&type=code)<br>[/root/etc/crio/crio.conf/run/containerd/containerd.sockDirectory](https://github.com/search?q=%2Froot%2Fetc%2Fcrio%2Fcrio.conf%2Frun%2Fcontainerd%2Fcontainerd.sockDirectory&type=code)<br>[/root/etc/hostnameusr/lib/os-releaseetc/centos-releaseetc/redhat-relea](https://github.com/search?q=%2Froot%2Fetc%2Fhostnameusr%2Flib%2Fos-releaseetc%2Fcentos-releaseetc%2Fredhat-relea&type=code)<br>[/root/etc/hostsImage](https://github.com/search?q=%2Froot%2Fetc%2FhostsImage&type=code)<br>[/root/etc/resolv.confFMON](https://github.com/search?q=%2Froot%2Fetc%2Fresolv.confFMON&type=code)<br>[/root/kube-schedulerUnknown](https://github.com/search?q=%2Froot%2Fkube-schedulerUnknown&type=code)<br>[/root/sys/fs/aufs/si_%s227373675443232059478759765625SendMsg](https://github.com/search?q=%2Froot%2Fsys%2Ffs%2Faufs%2Fsi_%25s227373675443232059478759765625SendMsg&type=code) |
+| MEDIUM | [fs/path/tmp](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/tmp.yara#tmp_path) | path reference within /tmp | [/tmp/cis-1.8.0//tmp/cis-1.6.0/run](https://github.com/search?q=%2Ftmp%2Fcis-1.8.0%2F%2Ftmp%2Fcis-1.6.0%2Frun&type=code)<br>[/tmp/container.shfile](https://github.com/search?q=%2Ftmp%2Fcontainer.shfile&type=code)<br>[/tmp/ctrl_listen.sockFailed](https://github.com/search?q=%2Ftmp%2Fctrl_listen.sockFailed&type=code)<br>[/tmp/dp_client.%d4e](https://github.com/search?q=%2Ftmp%2Fdp_client.%25d4e&type=code)<br>[/tmp/dp_listen.sockRead](https://github.com/search?q=%2Ftmp%2Fdp_listen.sockRead&type=code)<br>[/tmp/host.shInactiveAnonobject/host/block_accessGRP](https://github.com/search?q=%2Ftmp%2Fhost.shInactiveAnonobject%2Fhost%2Fblock_accessGRP&type=code)<br>[/tmp/kube_master.sh/tmp/kube_worker.sh%sbench/workload/%sGRPC](https://github.com/search?q=%2Ftmp%2Fkube_master.sh%2Ftmp%2Fkube_worker.sh%25sbench%2Fworkload%2F%25sGRPC&type=code)<br>[/tmp/neuvector/consul.json](https://github.com/search?q=%2Ftmp%2Fneuvector%2Fconsul.json&type=code)<br>[/tmp/neuvector/raft/peers.json/etc/neuvector/certs/internal/Failed](https://github.com/search?q=%2Ftmp%2Fneuvector%2Fraft%2Fpeers.json%2Fetc%2Fneuvector%2Fcerts%2Finternal%2FFailed&type=code)<br>[/tmp/neuvectorcan](https://github.com/search?q=%2Ftmp%2Fneuvectorcan&type=code)<br>[/tmp/ready](https://github.com/search?q=%2Ftmp%2Fready&type=code)<br>[/tmp/rh-1.4.0//tmp/cis-1.24//tmp/cis-1.23/kube-apiservercontainers](https://github.com/search?q=%2Ftmp%2Frh-1.4.0%2F%2Ftmp%2Fcis-1.24%2F%2Ftmp%2Fcis-1.23%2Fkube-apiservercontainers&type=code)<br>[/tmp/walkWorkload](https://github.com/search?q=%2Ftmp%2FwalkWorkload&type=code) |
+| MEDIUM | [fs/path/usr_local](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/usr-local.yara#usr_local_bin_path) | path reference within /usr/local/bin | [/usr/local/bin/.nvcontainerRunning](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2F.nvcontainerRunning&type=code)<br>[/usr/local/bin/SHD](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2FSHD&type=code)<br>[/usr/local/bin/admin-assembly-too](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fadmin-assembly-too&type=code)<br>[/usr/local/bin/agentListenSocket](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2FagentListenSocket&type=code)<br>[/usr/local/bin/consulgrpc](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fconsulgrpc&type=code)<br>[/usr/local/bin/controllercontext](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fcontrollercontext&type=code)<br>[/usr/local/bin/dpexiting](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fdpexiting&type=code)<br>[/usr/local/bin/fetcher/usr/local/bin/adapterio.kubernetes.pod.nameFailed](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Ffetcher%2Fusr%2Flocal%2Fbin%2Fadapterio.kubernetes.pod.nameFailed&type=code)<br>[/usr/local/bin/host.tmplNode](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fhost.tmplNode&type=code)<br>[/usr/local/bin/kube_master_1_0_0.tmpl/usr/local/bin/kube_worker_1_0_0.tmplresc](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_1_0_0.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_0_0.tmplresc&type=code)<br>[/usr/local/bin/kube_master_1_2_0.tmpl/usr/local/bin/kube_worker_1_2_0.tmpl/usr](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_1_2_0.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_2_0.tmpl%2Fusr&type=code)<br>[/usr/local/bin/kube_master_1_4_1.tmpl/usr/local/bin/kube_worker_1_4_1.tmpl/usr](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_1_4_1.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_4_1.tmpl%2Fusr&type=code)<br>[/usr/local/bin/kube_master_1_5_1.tmpl/usr/local/bin/kube_worker_1_5_1.tmpl/usr](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_1_5_1.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_5_1.tmpl%2Fusr&type=code)<br>[/usr/local/bin/kube_master_gke_1_0_0.tmpl/usr/local/bin/kube_worker_gke_1_0_0.](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_gke_1_0_0.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_gke_1_0_0.&type=code)<br>[/usr/local/bin/kube_master_ocp_4_3.tmpl/usr/local/bin/kube_worker_ocp_4_3.tmpl](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_ocp_4_3.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_ocp_4_3.tmpl&type=code)<br>[/usr/local/bin/kube_master_ocp_4_5.tmpl/usr/local/bin/kube_worker_ocp_4_5.tmpl](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_master_ocp_4_5.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_worker_ocp_4_5.tmpl&type=code)<br>[/usr/local/bin/kube_runner.tmplCannot](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_runner.tmplCannot&type=code)<br>[/usr/local/bin/kube_worker_1_0_0.tmplreschedule](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_0_0.tmplreschedule&type=code)<br>[/usr/local/bin/kube_worker_1_2_0.tmpl/usr/local/bin/kube_master_1_0_0.tmpl/usr](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_2_0.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_master_1_0_0.tmpl%2Fusr&type=code)<br>[/usr/local/bin/kube_worker_1_4_1.tmpl/usr/local/bin/kube_master_1_2_0.tmpl/usr](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_4_1.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_master_1_2_0.tmpl%2Fusr&type=code)<br>[/usr/local/bin/kube_worker_1_5_1.tmpl/usr/local/bin/kube_master_1_4_1.tmpl/usr](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_1_5_1.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_master_1_4_1.tmpl%2Fusr&type=code)<br>[/usr/local/bin/kube_worker_gke_1_0_0.tmplDocker](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_gke_1_0_0.tmplDocker&type=code)<br>[/usr/local/bin/kube_worker_ocp_4_3.tmplexpected](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_ocp_4_3.tmplexpected&type=code)<br>[/usr/local/bin/kube_worker_ocp_4_5.tmpl/usr/local/bin/kube_master_ocp_4_3.tmpl](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkube_worker_ocp_4_5.tmpl%2Fusr%2Flocal%2Fbin%2Fkube_master_ocp_4_3.tmpl&type=code)<br>[/usr/local/bin/kubecis_1_2_0.rem/usr/local/bin/kubecis_1_0_0.remGet](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkubecis_1_2_0.rem%2Fusr%2Flocal%2Fbin%2Fkubecis_1_0_0.remGet&type=code)<br>[/usr/local/bin/kubecis_1_4_1.rem/usr/local/bin/kubecis_1_2_0.rem/usr/local/bin](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkubecis_1_4_1.rem%2Fusr%2Flocal%2Fbin%2Fkubecis_1_2_0.rem%2Fusr%2Flocal%2Fbin&type=code)<br>[/usr/local/bin/kubecis_1_5_1.rem/usr/local/bin/kubecis_1_4_1.rem/usr/local/bin](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkubecis_1_5_1.rem%2Fusr%2Flocal%2Fbin%2Fkubecis_1_4_1.rem%2Fusr%2Flocal%2Fbin&type=code)<br>[/usr/local/bin/kubecis_1_6_0.remController](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkubecis_1_6_0.remController&type=code)<br>[/usr/local/bin/kubecis_gke_1_0_0.remDocker](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkubecis_gke_1_0_0.remDocker&type=code)<br>[/usr/local/bin/kubecis_ocp_4_5.rem/usr/local/bin/kubecis_ocp_4_3.remUnable](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fkubecis_ocp_4_5.rem%2Fusr%2Flocal%2Fbin%2Fkubecis_ocp_4_3.remUnable&type=code)<br>[/usr/local/bin/monitor/usr/local/bin/fetcher/usr/local/bin/adapterio.kubernete](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fmonitor%2Fusr%2Flocal%2Fbin%2Ffetcher%2Fusr%2Flocal%2Fbin%2Fadapterio.kubernete&type=code)<br>[/usr/local/bin/nstoolscontainer-docker-bench](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fnstoolscontainer-docker-bench&type=code)<br>[/usr/local/bin/opacontext.Backgroundentering](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fopacontext.Backgroundentering&type=code)<br>[/usr/local/bin/pathWalkershare.EnforcerScanServiceScanErrSignatureScanErrorsha](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2FpathWalkershare.EnforcerScanServiceScanErrSignatureScanErrorsha&type=code)<br>[/usr/local/bin/progvar/lib/dpkg/statusno](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fprogvar%2Flib%2Fdpkg%2Fstatusno&type=code)<br>[/usr/local/bin/rh_runner.tmpl/usr/local/bin/container.tmplRunning](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Frh_runner.tmpl%2Fusr%2Flocal%2Fbin%2Fcontainer.tmplRunning&type=code)<br>[/usr/local/bin/scannerPROC](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2FscannerPROC&type=code)<br>[/usr/local/bin/scannerTask/sbin/xtables-legacy-multiccBalancerWrapper](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2FscannerTask%2Fsbin%2Fxtables-legacy-multiccBalancerWrapper&type=code)<br>[/usr/local/bin/sigstore-interfacegrpc](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Fsigstore-interfacegrpc&type=code)<br>[/usr/local/bin/tcpdumpservice](https://github.com/search?q=%2Fusr%2Flocal%2Fbin%2Ftcpdumpservice&type=code)<br>[/usr/local/binFA](https://github.com/search?q=%2Fusr%2Flocal%2FbinFA&type=code) |
+| MEDIUM | [fs/permission/chown](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/permission/permission-chown.yara#Chown) | Changes file ownership | [Chown](https://github.com/search?q=Chown&type=code) |
+| MEDIUM | [fs/permission/modify](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/permission/permission-modify.yara#chmod) | [modifies file permissions](https://linux.die.net/man/1/chmod) | [Chmod](https://github.com/search?q=Chmod&type=code)<br>[chmod](https://github.com/search?q=chmod&type=code) |
+| MEDIUM | [fs/proc/arbitrary_pid](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/arbitrary-pid.yara#proc_arbitrary) | access /proc for arbitrary pids | [/proc/%d/mounts/sys](https://github.com/search?q=%2Fproc%2F%25d%2Fmounts%2Fsys&type=code)<br>[/proc/%d/root/kube](https://github.com/search?q=%2Fproc%2F%25d%2Froot%2Fkube&type=code)<br>[/proc/%d/rootFA](https://github.com/search?q=%2Fproc%2F%25d%2FrootFA&type=code)<br>[/proc/%d/task/](https://github.com/search?q=%2Fproc%2F%25d%2Ftask%2F&type=code)<br>[/proc/%dcopy](https://github.com/search?q=%2Fproc%2F%25dcopy&type=code)<br>[/proc/%v/stat](https://github.com/search?q=%2Fproc%2F%25v%2Fstat&type=code) |
+| MEDIUM | [fs/proc/cpuinfo](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/cpuinfo.yara#proc_cpuinfo) | get CPU info | [/proc/cpuinfo](https://github.com/search?q=%2Fproc%2Fcpuinfo&type=code) |
+| MEDIUM | [fs/proc/self_cgroup](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/self-cgroup.yara#pid_self_cgroup) | accesses /proc files within own cgroup | [/proc/self/cgroup](https://github.com/search?q=%2Fproc%2Fself%2Fcgroup&type=code) |
+| MEDIUM | [fs/proc/self_mountinfo](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/self-mountinfo.yara#proc_self_mountinfo) | gets mount info associated to this process | [/proc/self/mountinfo](https://github.com/search?q=%2Fproc%2Fself%2Fmountinfo&type=code) |
+| MEDIUM | [fs/proc/sys_kernel_osrelease](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/proc/sys-kernel-osrelease.yara#proc_kernel_osrelease) | gets kernel release information | [/proc/sys/kernel/osrelease](https://github.com/search?q=%2Fproc%2Fsys%2Fkernel%2Fosrelease&type=code) |
+| MEDIUM | [hw/dev/block_ice](https://github.com/chainguard-dev/malcontent/blob/main/rules/hw/dev/block-device.yara#block_devices) | works with block devices | [/sys/blocktimestampsdocker](https://github.com/search?q=%2Fsys%2Fblocktimestampsdocker&type=code) |
+| MEDIUM | [impact/remote_access/heartbeat](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/heartbeat.yara#heartbeat) | references a 'heartbeat' | [TxHeartbeatErrors](https://github.com/search?q=TxHeartbeatErrors&type=code) |
+| MEDIUM | [impact/remote_access/iptables](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/iptables.yara#iptables_upload_http) | uploads, uses iptables and HTTP | [HTTP](https://github.com/search?q=HTTP&type=code)<br>[iptables -](https://github.com/search?q=iptables+-&type=code)<br>[iptables-savegraceful](https://github.com/search?q=iptables-savegraceful&type=code)<br>[iptablessent](https://github.com/search?q=iptablessent&type=code)<br>[uploadCurrentInfo](https://github.com/search?q=uploadCurrentInfo&type=code)<br>[uploadgoogle](https://github.com/search?q=uploadgoogle&type=code)<br>[uploads](https://github.com/search?q=uploads&type=code) |
+| MEDIUM | [lateral/scan/tool](https://github.com/chainguard-dev/malcontent/blob/main/rules/lateral/scan/scan_tool.yara#generic_scan_tool) | may scan networks | [%d.%d.%d.%d](https://github.com/search?q=%25d.%25d.%25d.%25d&type=code)<br>[Port](https://github.com/search?q=Port&type=code)<br>[Probe](https://github.com/search?q=Probe&type=code)<br>[Target](https://github.com/search?q=Target&type=code)<br>[connect](https://github.com/search?q=connect&type=code)<br>[port](https://github.com/search?q=port&type=code)<br>[probe](https://github.com/search?q=probe&type=code)<br>[scan](https://github.com/search?q=scan&type=code)<br>[socket](https://github.com/search?q=socket&type=code)<br>[target](https://github.com/search?q=target&type=code) |
+| MEDIUM | [net/dns/reverse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns-reverse.yara#in_addr_arpa) | looks up the reverse hostname for an IP | [.in-addr.arpa](https://github.com/search?q=.in-addr.arpa&type=code)<br>[ip6.arpa](https://github.com/search?q=ip6.arpa&type=code) |
+| MEDIUM | [net/download](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/download/download.yara#download) | download files | [CLUSSnifferDownloadshare](https://github.com/search?q=CLUSSnifferDownloadshare&type=code)<br>[MaxConcurrentDownloads](https://github.com/search?q=MaxConcurrentDownloads&type=code)<br>[portsessionsdownloadruleslen](https://github.com/search?q=portsessionsdownloadruleslen&type=code) |
+| MEDIUM | [net/http/accept](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/accept.yara#http_accept_binary) | accepts binary files via HTTP | [Accept](https://github.com/search?q=Accept&type=code)<br>[application/octet-stream](https://github.com/search?q=application%2Foctet-stream&type=code) |
+| MEDIUM | [net/http/content_length](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/content-length.yara#content_length_0) | Sets HTTP content length to zero | [Content-Length: 0](https://github.com/search?q=Content-Length%3A+0&type=code) |
+| MEDIUM | [net/http/cookies](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/cookies.yara#http_cookie) | [access HTTP resources using cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies) | [Cookie](https://github.com/search?q=Cookie&type=code)<br>[HTTP](https://github.com/search?q=HTTP&type=code) |
+| MEDIUM | [net/http/form_upload](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/form-upload.yara#http_form_upload) | upload content via HTTP form | [POST](https://github.com/search?q=POST&type=code)<br>[application/json](https://github.com/search?q=application%2Fjson&type=code)<br>[application/x-www-form-urlencoded](https://github.com/search?q=application%2Fx-www-form-urlencoded&type=code) |
+| MEDIUM | [net/http/post](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/post.yara#http_post) | submits content to websites | [Content-Type isn](https://github.com/search?q=Content-Type+isn&type=code)<br>[Content-Typealiyun.addonv11.UserInfoRawExten](https://github.com/search?q=Content-Typealiyun.addonv11.UserInfoRawExten&type=code)<br>[Content-Typenet/http: timeout awaiting respo](https://github.com/search?q=Content-Typenet%2Fhttp%3A+timeout+awaiting+respo&type=code)<br>[HTTP](https://github.com/search?q=HTTP&type=code)<br>[POST](https://github.com/search?q=POST&type=code) |
+| MEDIUM | [net/http/webhook](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/webhook.yara#webhook) | supports webhooks | [CLUSWebhook](https://github.com/search?q=CLUSWebhook&type=code)<br>[WebHook](https://github.com/search?q=WebHook&type=code)<br>[WebhookEnable_UNUSED](https://github.com/search?q=WebhookEnable_UNUSED&type=code)<br>[WebhookUrl_UNUSED](https://github.com/search?q=WebhookUrl_UNUSED&type=code)<br>[Webhooks](https://github.com/search?q=Webhooks&type=code)<br>[webhook_enable](https://github.com/search?q=webhook_enable&type=code)<br>[webhook_url](https://github.com/search?q=webhook_url&type=code)<br>[webhooks](https://github.com/search?q=webhooks&type=code) |
+| MEDIUM | [net/ip/host_port](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/host_port.yara#go_scan_tool_val) | Uses struct with JSON representations for host:port | [json:"hostname"](https://github.com/search?q=json%3A%22hostname%22&type=code)<br>[json:"ip"](https://github.com/search?q=json%3A%22ip%22&type=code)<br>[json:"port"](https://github.com/search?q=json%3A%22port%22&type=code) |
+| MEDIUM | [net/ip/icmp](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/icmp.yara#ping) | Uses the ping tool to generate ICMP packets | [ping not acked within timeout](https://github.com/search?q=ping+not+acked+within+timeout&type=code) |
+| MEDIUM | [net/ip/parse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/ip-parse.yara#ip_go) | parses IP address (IPv4 or IPv6) | [IsLinkLocalUnicast](https://github.com/search?q=IsLinkLocalUnicast&type=code)<br>[IsSingleIP](https://github.com/search?q=IsSingleIP&type=code) |
+| MEDIUM | [net/proxy/tunnel](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/proxy/tunnel_proxy.yara#tunnel_proxy) | network tunnel proxy | [Proxy](https://github.com/search?q=Proxy&type=code)<br>[TLS13](https://github.com/search?q=TLS13&type=code)<br>[TLSVersion](https://github.com/search?q=TLSVersion&type=code)<br>[crypto](https://github.com/search?q=crypto&type=code)<br>[proxy](https://github.com/search?q=proxy&type=code)<br>[socket](https://github.com/search?q=socket&type=code)<br>[tunnel](https://github.com/search?q=tunnel&type=code) |
+| MEDIUM | [net/socket/connect](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-connect.yara#_connect) | [initiate a connection on a socket](https://linux.die.net/man/3/connect) | [_connect](https://github.com/search?q=_connect&type=code) |
+| MEDIUM | [net/socket/listen](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-listen.yara#listen) | generic listen string | [accept](https://github.com/search?q=accept&type=code)<br>[listen](https://github.com/search?q=listen&type=code)<br>[socket](https://github.com/search?q=socket&type=code) |
+| MEDIUM | [net/tcp/connect](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/connect.yara#connect_tcp) | connects to a TCP port | [dialTCP](https://github.com/search?q=dialTCP&type=code) |
+| MEDIUM | [net/tcp/sftp](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/sftp.yara#sftp) | Supports sftp (FTP over SSH) | [sftp](https://github.com/search?q=sftp&type=code)<br>[ssh](https://github.com/search?q=ssh&type=code) |
+| MEDIUM | [net/tcp/ssh](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/ssh.yara#ssh) | Supports SSH (secure shell) | [SSH](https://github.com/search?q=SSH&type=code) |
+| MEDIUM | [net/tun_tap](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tun_tap.yara#tun_tap) | accesses the TUN/TAP device driver | [/dev/net/tun](https://github.com/search?q=%2Fdev%2Fnet%2Ftun&type=code) |
+| MEDIUM | [net/url/encode](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/encode.yara#url_encode) | encodes URL, likely to pass GET variables | [urlencode](https://github.com/search?q=urlencode&type=code) |
+| MEDIUM | [net/url/request](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/request.yara#requests_urls) | requests resources via URL | [http.request](https://github.com/search?q=http.request&type=code)<br>[net/url](https://github.com/search?q=net%2Furl&type=code) |
+| MEDIUM | [sus/exclamation](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/exclamation.yara#exclamations) | gets very excited | [not foundNo interface!!](https://github.com/search?q=not+foundNo+interface%21%21&type=code)<br>[number println!!](https://github.com/search?q=number+println%21%21&type=code)<br>[ontain alphanumerical characters onlyexplicitly tagged !!](https://github.com/search?q=ontain+alphanumerical+characters+onlyexplicitly+tagged+%21%21&type=code) |
+| MEDIUM | [sus/intercept](https://github.com/chainguard-dev/malcontent/blob/main/rules/sus/intercept.yara#interceptor) | References interception | [interceptor](https://github.com/search?q=interceptor&type=code) |
+| LOW | [c2/tool_transfer/arch](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/arch.yara#arch_ref) | references a specific architecture | [amd64](https://github.com/search?q=amd64&type=code)<br>[arm64](https://github.com/search?q=arm64&type=code)<br>[http://](http://)<br>[https://](https://)<br>[x86](https://github.com/search?q=x86&type=code) |
+| LOW | [credential/password](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/password/password.yara#password) | references a 'password' | [GetPassword](https://github.com/search?q=GetPassword&type=code)<br>[PasswordEprotobuf](https://github.com/search?q=PasswordEprotobuf&type=code)<br>[UserPassword](https://github.com/search?q=UserPassword&type=code)<br>[d for field Passwordruntime](https://github.com/search?q=d+for+field+Passwordruntime&type=code)<br>[no passwords used](https://github.com/search?q=no+passwords+used&type=code)<br>[passwordSet](https://github.com/search?q=passwordSet&type=code)<br>[socksUsernamePassword](https://github.com/search?q=socksUsernamePassword&type=code)<br>[stripPassword](https://github.com/search?q=stripPassword&type=code)<br>[vpasswordoffsets](https://github.com/search?q=vpasswordoffsets&type=code) |
+| LOW | [credential/ssl/private_key](https://github.com/chainguard-dev/malcontent/blob/main/rules/credential/ssl/private_key.yara#private_key_val) | References private keys | [privateKey](https://github.com/search?q=privateKey&type=code) |
+| LOW | [crypto/aes](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/aes.yara#crypto_aes) | Supports AES (Advanced Encryption Standard) | [AES](https://github.com/search?q=AES&type=code)<br>[crypto/aes](https://github.com/search?q=crypto%2Faes&type=code) |
+| LOW | [crypto/decrypt](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/decrypt.yara#decrypt) | decrypts data | [DecryptPKCS1v15SessionK](https://github.com/search?q=DecryptPKCS1v15SessionK&type=code)<br>[DecryptTicket](https://github.com/search?q=DecryptTicket&type=code)<br>[DecrypterOpts](https://github.com/search?q=DecrypterOpts&type=code)<br>[Decrypterproto](https://github.com/search?q=Decrypterproto&type=code)<br>[NewCBCDecrypter](https://github.com/search?q=NewCBCDecrypter&type=code)<br>[PKCS1v15DecryptOptions](https://github.com/search?q=PKCS1v15DecryptOptions&type=code)<br>[cbcDecrypter](https://github.com/search?q=cbcDecrypter&type=code)<br>[lid options for Decrypttags don](https://github.com/search?q=lid+options+for+Decrypttags+don&type=code)<br>[rsaDecryptOk](https://github.com/search?q=rsaDecryptOk&type=code) |
+| LOW | [crypto/ecdsa](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/ecdsa.yara#crypto_ecdsa) | Uses the Go crypto/ecdsa library | [crypto/ecdsa](https://github.com/search?q=crypto%2Fecdsa&type=code) |
+| LOW | [crypto/ed25519](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/ed25519.yara#ed25519) | Elliptic curve algorithm used by TLS and SSH | [ed25519](https://github.com/search?q=ed25519&type=code) |
+| LOW | [crypto/public_key](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/public_key.yara#public_key) | references a 'public key' | [Public Key](https://github.com/search?q=Public+Key&type=code)<br>[PublicKey](https://github.com/search?q=PublicKey&type=code)<br>[public key](https://github.com/search?q=public+key&type=code)<br>[publicKey](https://github.com/search?q=publicKey&type=code) |
+| LOW | [crypto/tls](https://github.com/chainguard-dev/malcontent/blob/main/rules/crypto/tls.yara#tls) | tls | [TLS13](https://github.com/search?q=TLS13&type=code)<br>[TLSVersion](https://github.com/search?q=TLSVersion&type=code)<br>[crypto/tls](https://github.com/search?q=crypto%2Ftls&type=code) |
+| LOW | [data/compression/bzip2](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/bzip2.yara#bzip2) | Works with bzip2 files | [bzip2](https://github.com/search?q=bzip2&type=code) |
+| LOW | [data/compression/gzip](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/gzip.yara#gzip) | [works with gzip files](https://www.gnu.org/software/gzip/) | [gzip](https://github.com/search?q=gzip&type=code) |
+| LOW | [data/compression/zstd](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/compression/zstd.yara#zstd) | Zstandard: fast real-time compression algorithm | [(µ/ý](https://github.com/search?q=%28%B5%2F%FD&type=code)<br>[zstd](https://github.com/search?q=zstd&type=code) |
+| LOW | [data/encoding/base64](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/base64.yara#b64) | Supports base64 encoded strings | [base64](https://github.com/search?q=base64&type=code) |
+| LOW | [data/encoding/json](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/json.yara#encoding_json) | Supports JSON encoded objects | [encoding/json](https://github.com/search?q=encoding%2Fjson&type=code) |
+| LOW | [data/encoding/json_decode](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/encoding/json-decode.yara#jsondecode) | Decodes JSON messages | [json.Unmarshal](https://github.com/search?q=json.Unmarshal&type=code) |
+| LOW | [data/hash/md5](https://github.com/chainguard-dev/malcontent/blob/main/rules/data/hash/md5.yara#MD5) | Uses the MD5 signature format | [md5:](https://github.com/search?q=md5%3A&type=code) |
+| LOW | [discover/system/cpu](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/cpu.yara#processor_count) | [gets number of processors](https://man7.org/linux/man-pages/man3/get_nprocs.3.html) | [nproc](https://github.com/search?q=nproc&type=code) |
+| LOW | [discover/system/hostname](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/hostname.yara#gethostname) | [get computer host name](https://man7.org/linux/man-pages/man2/sethostname.2.html) | [/proc/sys/kernel/hostname](https://github.com/search?q=%2Fproc%2Fsys%2Fkernel%2Fhostname&type=code) |
+| LOW | [discover/system/machine_id](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/machine_id.yara#machineid) | Gets a unique machineid for the host | [machineid](https://github.com/search?q=machineid&type=code) |
+| LOW | [discover/system/platform](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/platform.yara#uname) | [system identification](https://man7.org/linux/man-pages/man1/uname.1.html) | [syscall.Uname](https://github.com/search?q=syscall.Uname&type=code)<br>[uname](https://github.com/search?q=uname&type=code) |
+| LOW | [discover/user/HOME](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/user/HOME.yara#HOME) | [Looks up the HOME directory for the current user](https://man.openbsd.org/login.1#ENVIRONMENT) | [HOME](https://github.com/search?q=HOME&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code) |
+| LOW | [discover/user/USER](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/user/USER.yara#USER) | [Looks up the USER name of the current user](https://man.openbsd.org/login.1#ENVIRONMENT) | [USER](https://github.com/search?q=USER&type=code)<br>[environ](https://github.com/search?q=environ&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code) |
+| LOW | [evasion/logging/acct](https://github.com/chainguard-dev/malcontent/blob/main/rules/evasion/logging/acct.yara#acct) | switch process accounting on or off | [radius-acct](https://github.com/search?q=radius-acct&type=code) |
+| LOW | [exec/plugin](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/plugin/plugin.yara#plugin) | references a 'plugin' | [PluginPidns](https://github.com/search?q=PluginPidns&type=code)<br>[Plugincontainerd](https://github.com/search?q=Plugincontainerd&type=code)<br>[PluginsRequest](https://github.com/search?q=PluginsRequest&type=code)<br>[PluginsResponseproto](https://github.com/search?q=PluginsResponseproto&type=code)<br>[Plugins_Handler](https://github.com/search?q=Plugins_Handler&type=code)<br>[Pluginscontainerd](https://github.com/search?q=Pluginscontainerd&type=code)<br>[Pluginsproto](https://github.com/search?q=Pluginsproto&type=code)<br>[adaptPlugin](https://github.com/search?q=adaptPlugin&type=code)<br>[getPlugins](https://github.com/search?q=getPlugins&type=code)<br>[pluginCache](https://github.com/search?q=pluginCache&type=code)<br>[pluginpath](https://github.com/search?q=pluginpath&type=code)<br>[pluginsFA](https://github.com/search?q=pluginsFA&type=code)<br>[pluginsToPB](https://github.com/search?q=pluginsToPB&type=code)<br>[s plugingithub](https://github.com/search?q=s+plugingithub&type=code)<br>[vplugin](https://github.com/search?q=vplugin&type=code)<br>[wplugin](https://github.com/search?q=wplugin&type=code) |
+| LOW | [exec/shell/TERM](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/TERM.yara#TERM) | [Look up or override terminal settings](https://www.gnu.org/software/gettext/manual/html_node/The-TERM-variable.html) | [TERM](https://github.com/search?q=TERM&type=code) |
+| LOW | [exec/system_controls/systemd](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/system_controls/systemd.yara#ref_systemd) | makes references to systemd | [systemd](https://github.com/search?q=systemd&type=code) |
+| LOW | [fs/directory/create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/directory/directory-create.yara#mkdir) | [creates directories](https://man7.org/linux/man-pages/man2/mkdir.2.html) | [mkdir](https://github.com/search?q=mkdir&type=code) |
+| LOW | [fs/directory/list](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/directory/directory-list.yara#GoReadDir) | Uses Go functions to list a directory | [.ReadDir](https://github.com/search?q=.ReadDir&type=code) |
+| LOW | [fs/directory/remove](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/directory/directory-remove.yara#rmdir) | Uses libc functions to remove directories | [Rmdir](https://github.com/search?q=Rmdir&type=code)<br>[rmdir](https://github.com/search?q=rmdir&type=code) |
+| LOW | [fs/file/delete](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-delete.yara#unlink) | [deletes files](https://man7.org/linux/man-pages/man2/unlink.2.html) | [unlinkat](https://github.com/search?q=unlinkat&type=code) |
+| LOW | [fs/file/open](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-open.yara#java_open) | opens files | [openFile](https://github.com/search?q=openFile&type=code) |
+| LOW | [fs/file/read](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-read.yara#go_file_read) | reads files | [ReadFile](https://github.com/search?q=ReadFile&type=code)<br>[os.(*File).Read](https://github.com/search?q=os.%28%2AFile%29.Read&type=code) |
+| LOW | [fs/file/truncate](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-truncate.yara#ftruncate) | truncate a file to a specified length | [ftruncate](https://github.com/search?q=ftruncate&type=code) |
+| LOW | [fs/file/write](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/file/file-write.yara#file_write) | writes to file | [WriteFile](https://github.com/search?q=WriteFile&type=code)<br>[writeRawFile](https://github.com/search?q=writeRawFile&type=code) |
+| LOW | [fs/link_create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/link-create.yara#linkat) | May create hard file links | [linkat](https://github.com/search?q=linkat&type=code) |
+| LOW | [fs/link_read](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/link-read.yara#readlink) | [read value of a symbolic link](https://man7.org/linux/man-pages/man2/readlink.2.html) | [readlinkat](https://github.com/search?q=readlinkat&type=code) |
+| LOW | [fs/mount](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/mount.yara#mount) | mounts file systems | [-o](https://github.com/search?q=-o&type=code)<br>[mount](https://github.com/search?q=mount&type=code) |
+| LOW | [fs/node_create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/node-create.yara#mknod) | [create device files](https://man7.org/linux/man-pages/man2/mknod.2.html) | [mknod](https://github.com/search?q=mknod&type=code) |
+| LOW | [fs/path/bin_su](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/bin-su.yara#bin_su) | Calls /bin/su | [/bin/su](https://github.com/search?q=%2Fbin%2Fsu&type=code) |
+| LOW | [fs/path/etc](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/etc.yara#etc_path) | path reference within /etc | [/etc/apache/mime.typeshpack](https://github.com/search?q=%2Fetc%2Fapache%2Fmime.typeshpack&type=code)<br>[/etc/centos-release/etc/debian](https://github.com/search?q=%2Fetc%2Fcentos-release%2Fetc%2Fdebian&type=code)<br>[/etc/crio/crio.conf.d/](https://github.com/search?q=%2Fetc%2Fcrio%2Fcrio.conf.d%2F&type=code)<br>[/etc/crio/crio.conf/run/containerd/co](https://github.com/search?q=%2Fetc%2Fcrio%2Fcrio.conf%2Frun%2Fcontainerd%2Fco&type=code)<br>[/etc/groupmemory.max](https://github.com/search?q=%2Fetc%2Fgroupmemory.max&type=code)<br>[/etc/hostnamecri](https://github.com/search?q=%2Fetc%2Fhostnamecri&type=code)<br>[/etc/hostnameusr/lib/os-releaseetc/ce](https://github.com/search?q=%2Fetc%2Fhostnameusr%2Flib%2Fos-releaseetc%2Fce&type=code)<br>[/etc/hostsrt](https://github.com/search?q=%2Fetc%2Fhostsrt&type=code)<br>[/etc/httpd/conf/mime.typesid](https://github.com/search?q=%2Fetc%2Fhttpd%2Fconf%2Fmime.typesid&type=code)<br>[/etc/localtime](https://github.com/search?q=%2Fetc%2Flocaltime&type=code)<br>[/etc/login.defs/proc/](https://github.com/search?q=%2Fetc%2Flogin.defs%2Fproc%2F&type=code)<br>[/etc/mime.types](https://github.com/search?q=%2Fetc%2Fmime.types&type=code)<br>[/etc/mtablowerdir](https://github.com/search?q=%2Fetc%2Fmtablowerdir&type=code)<br>[/etc/neuvector/certs/internal/ca.cert](https://github.com/search?q=%2Fetc%2Fneuvector%2Fcerts%2Finternal%2Fca.cert&type=code)<br>[/etc/neuvector/certs/internal/cert.ke](https://github.com/search?q=%2Fetc%2Fneuvector%2Fcerts%2Finternal%2Fcert.ke&type=code)<br>[/etc/neuvector/certs/internal/cert.pe](https://github.com/search?q=%2Fetc%2Fneuvector%2Fcerts%2Finternal%2Fcert.pe&type=code)<br>[/etc/neuvector/certs/internalcom.dock](https://github.com/search?q=%2Fetc%2Fneuvector%2Fcerts%2Finternalcom.dock&type=code)<br>[/etc/nsswitch.confinvalid](https://github.com/search?q=%2Fetc%2Fnsswitch.confinvalid&type=code)<br>[/etc/os-release](https://github.com/search?q=%2Fetc%2Fos-release&type=code)<br>[/etc/passwd/etc/shadow](https://github.com/search?q=%2Fetc%2Fpasswd%2Fetc%2Fshadow&type=code)<br>[/etc/pki/ca-trust/extracted/pem/tls-c](https://github.com/search?q=%2Fetc%2Fpki%2Fca-trust%2Fextracted%2Fpem%2Ftls-c&type=code)<br>[/etc/pki/tls/cacert.peminvalid](https://github.com/search?q=%2Fetc%2Fpki%2Ftls%2Fcacert.peminvalid&type=code)<br>[/etc/pki/tls/certs/ca-bundle.crtx](https://github.com/search?q=%2Fetc%2Fpki%2Ftls%2Fcerts%2Fca-bundle.crtx&type=code)<br>[/etc/protocolsunknown](https://github.com/search?q=%2Fetc%2Fprotocolsunknown&type=code)<br>[/etc/resolv.conf](https://github.com/search?q=%2Fetc%2Fresolv.conf&type=code)<br>[/etc/services](https://github.com/search?q=%2Fetc%2Fservices&type=code)<br>[/etc/shellssubmissionsnil](https://github.com/search?q=%2Fetc%2Fshellssubmissionsnil&type=code)<br>[/etc/ssl/ca-bundle.pemx](https://github.com/search?q=%2Fetc%2Fssl%2Fca-bundle.pemx&type=code)<br>[/etc/ssl/cert.peminvalid](https://github.com/search?q=%2Fetc%2Fssl%2Fcert.peminvalid&type=code)<br>[/etc/ssl/certs/ca-certificates.crtadd](https://github.com/search?q=%2Fetc%2Fssl%2Fcerts%2Fca-certificates.crtadd&type=code)<br>[/etc/subgid](https://github.com/search?q=%2Fetc%2Fsubgid&type=code)<br>[/etc/subuid](https://github.com/search?q=%2Fetc%2Fsubuid&type=code)<br>[/etc/sysconfig/clock/](https://github.com/search?q=%2Fetc%2Fsysconfig%2Fclock%2F&type=code)<br>[/etc/timezone/dev/.udev/db](https://github.com/search?q=%2Fetc%2Ftimezone%2Fdev%2F.udev%2Fdb&type=code)<br>[/etc/zoneinfoparsing](https://github.com/search?q=%2Fetc%2Fzoneinfoparsing&type=code) |
+| LOW | [fs/path/etc_resolv.conf](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/etc-resolv.conf.yara#etc_resolv_conf) | accesses DNS resolver configuration | [/etc/resolv.conf](https://github.com/search?q=%2Fetc%2Fresolv.conf&type=code) |
+| LOW | [fs/path/home](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/home.yara#home_path) | references path within /home | [/home/.](https://github.com/search?q=%2Fhome%2F.&type=code) |
+| LOW | [fs/path/usr_bin](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/usr-bin.yara#usr_bin_path) | path reference within /usr/bin | [/usr/bin/calico-nodePROC](https://github.com/search?q=%2Fusr%2Fbin%2Fcalico-nodePROC&type=code)<br>[/usr/bin/csp-billing-adapterio.kubernetes](https://github.com/search?q=%2Fusr%2Fbin%2Fcsp-billing-adapterio.kubernetes&type=code)<br>[/usr/bin/curliptables-savegraceful_stop](https://github.com/search?q=%2Fusr%2Fbin%2Fcurliptables-savegraceful_stop&type=code)<br>[/usr/bin/getconf](https://github.com/search?q=%2Fusr%2Fbin%2Fgetconf&type=code)<br>[/usr/bin/getentduplicated](https://github.com/search?q=%2Fusr%2Fbin%2Fgetentduplicated&type=code)<br>[/usr/bin/iconvPROC](https://github.com/search?q=%2Fusr%2Fbin%2FiconvPROC&type=code)<br>[/usr/bin/jqsupervisord.WithCancelgrpc.Ser](https://github.com/search?q=%2Fusr%2Fbin%2Fjqsupervisord.WithCancelgrpc.Ser&type=code)<br>[/usr/bin/lsof](https://github.com/search?q=%2Fusr%2Fbin%2Flsof&type=code)<br>[/usr/bin/pod](https://github.com/search?q=%2Fusr%2Fbin%2Fpod&type=code)<br>[/usr/bin/supervisordAdd](https://github.com/search?q=%2Fusr%2Fbin%2FsupervisordAdd&type=code)<br>[/usr/bin/tee](https://github.com/search?q=%2Fusr%2Fbin%2Ftee&type=code)<br>[/usr/bin/timeoutcontext](https://github.com/search?q=%2Fusr%2Fbin%2Ftimeoutcontext&type=code)<br>[/usr/bin/topconfigure.shcontext.TODOconte](https://github.com/search?q=%2Fusr%2Fbin%2Ftopconfigure.shcontext.TODOconte&type=code)<br>[/usr/bin/uname](https://github.com/search?q=%2Fusr%2Fbin%2Funame&type=code) |
+| LOW | [fs/path/usr_sbin](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/usr-sbin.yara#usr_sbin_path) | path reference within /usr/sbin | [/usr/sbin/ethtool/usr/local/bin/dpexiting](https://github.com/search?q=%2Fusr%2Fsbin%2Fethtool%2Fusr%2Flocal%2Fbin%2Fdpexiting&type=code) |
+| LOW | [fs/path/var](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/var.yara#var_path) | path reference within /var | [/var//sbinpInfo/rootSwarmD.2.5D.2.7D.3.1D.3.2D.3.3D.3.4D.3.5D.3.6D.3.](https://github.com/search?q=%2Fvar%2F%2FsbinpInfo%2FrootSwarmD.2.5D.2.7D.3.1D.3.2D.3.3D.3.4D.3.5D.3.6D.3.&type=code)<br>[/var/lib/docker/aufs/diffno](https://github.com/search?q=%2Fvar%2Flib%2Fdocker%2Faufs%2Fdiffno&type=code)<br>[/var/lib/rpm/Packages/lib/apk/db/installedFMON](https://github.com/search?q=%2Fvar%2Flib%2Frpm%2FPackages%2Flib%2Fapk%2Fdb%2FinstalledFMON&type=code)<br>[/var/nv_debug/pcap/controller](https://github.com/search?q=%2Fvar%2Fnv_debug%2Fpcap%2Fcontroller&type=code)<br>[/var/nv_debug/profileCannot](https://github.com/search?q=%2Fvar%2Fnv_debug%2FprofileCannot&type=code)<br>[/var/nv_debug/snapshotNeuVectorPolicyVersionGRP](https://github.com/search?q=%2Fvar%2Fnv_debug%2FsnapshotNeuVectorPolicyVersionGRP&type=code)<br>[/var/run/cri-dockerd.sockFile](https://github.com/search?q=%2Fvar%2Frun%2Fcri-dockerd.sockFile&type=code)<br>[/var/run/crio/crio.sockFile](https://github.com/search?q=%2Fvar%2Frun%2Fcrio%2Fcrio.sockFile&type=code)<br>[/var/run/docker.sock/var/lib/dpkg/statusFile](https://github.com/search?q=%2Fvar%2Frun%2Fdocker.sock%2Fvar%2Flib%2Fdpkg%2FstatusFile&type=code)<br>[/var/run/dockershim.sock/var/lib/rpm/Packages.dbFMON](https://github.com/search?q=%2Fvar%2Frun%2Fdockershim.sock%2Fvar%2Flib%2Frpm%2FPackages.dbFMON&type=code)<br>[/var/run/openvswitch/Error](https://github.com/search?q=%2Fvar%2Frun%2Fopenvswitch%2FError&type=code)<br>[/var/run/openvswitch/db.sockNotify](https://github.com/search?q=%2Fvar%2Frun%2Fopenvswitch%2Fdb.sockNotify&type=code)<br>[/var/run/secrets/kubernetes.io/serviceaccount/ca.crtk8s.io.apimachine](https://github.com/search?q=%2Fvar%2Frun%2Fsecrets%2Fkubernetes.io%2Fserviceaccount%2Fca.crtk8s.io.apimachine&type=code)<br>[/var/run/secrets/kubernetes.io/serviceaccount/namespaceproto](https://github.com/search?q=%2Fvar%2Frun%2Fsecrets%2Fkubernetes.io%2Fserviceaccount%2Fnamespaceproto&type=code)<br>[/var/run/secrets/kubernetes.io/serviceaccount/tokenk8s.io.apimachiner](https://github.com/search?q=%2Fvar%2Frun%2Fsecrets%2Fkubernetes.io%2Fserviceaccount%2Ftokenk8s.io.apimachiner&type=code)<br>[/var/tmp](https://github.com/search?q=%2Fvar%2Ftmp&type=code) |
+| LOW | [fs/tempdir](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempdir/tempdir.yara#tempdir) | looks up location of temp directory | [TMPDIR](https://github.com/search?q=TMPDIR&type=code) |
+| LOW | [fs/tempdir/TEMP](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempdir/TEMP.yara#temp) | temp | [TEMP](https://github.com/search?q=TEMP&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code)<br>[temp](https://github.com/search?q=temp&type=code) |
+| LOW | [fs/tempdir/TMPDIR](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempdir/TMPDIR.yara#TMPDIR) | TMPDIR | [TMPDIR](https://github.com/search?q=TMPDIR&type=code)<br>[getenv](https://github.com/search?q=getenv&type=code) |
+| LOW | [fs/tempdir/create](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempdir/tempdir-create.yara#mkdtemp) | creates temporary directory | [temp dir](https://github.com/search?q=temp+dir&type=code) |
+| LOW | [fs/tempfile](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/tempfile.yara#mktemp) | creates temporary files | [ioutil/tempfile](https://github.com/search?q=ioutil%2Ftempfile&type=code)<br>[tmpfile](https://github.com/search?q=tmpfile&type=code) |
+| LOW | [fs/watch](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/watch.yara#inotify) | monitors filesystem events | [inotify](https://github.com/search?q=inotify&type=code) |
+| LOW | [net/dns](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns.yara#go_dns_refs) | Uses DNS (Domain Name Service) | [CNAMEResource](https://github.com/search?q=CNAMEResource&type=code)<br>[SetEDNS0](https://github.com/search?q=SetEDNS0&type=code)<br>[dnsmessage](https://github.com/search?q=dnsmessage&type=code) |
+| LOW | [net/dns/servers](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns-servers.yara#go_dns_refs_local) | Examines local DNS servers | [CNAMEResource](https://github.com/search?q=CNAMEResource&type=code) |
+| LOW | [net/dns/txt](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/dns/dns-txt.yara#dns_txt) | Uses DNS TXT (text) records | [TXT](https://github.com/search?q=TXT&type=code)<br>[dns](https://github.com/search?q=dns&type=code) |
+| LOW | [net/http/2](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/http2.yara#http2) | Uses the HTTP/2 protocol | [HTTP/2](https://github.com/search?q=HTTP%2F2&type=code) |
+| LOW | [net/http/accept_encoding](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/accept-encoding.yara#content_type) | [set HTTP response encoding format (example: gzip)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding) | [Accept-Encoding](https://github.com/search?q=Accept-Encoding&type=code) |
+| LOW | [net/http/auth](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/auth.yara#http_auth) | makes HTTP requests with basic authentication | [WWW-Authenticate](https://github.com/search?q=WWW-Authenticate&type=code)<br>[Www-Authenticate](https://github.com/search?q=Www-Authenticate&type=code)<br>[www-authenticate](https://github.com/search?q=www-authenticate&type=code) |
+| LOW | [net/http/proxy](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/proxy.yara#proxy_auth) | [use HTTP proxy that requires authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization) | [Proxy-Authorization](https://github.com/search?q=Proxy-Authorization&type=code) |
+| LOW | [net/http/request](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/http/http-request.yara#http_request) | makes HTTP requests | [HTTP/1.](https://github.com/search?q=HTTP%2F1.&type=code)<br>[Referer](https://github.com/search?q=Referer&type=code)<br>[User-Agent](https://github.com/search?q=User-Agent&type=code) |
+| LOW | [net/ip/send_unicast](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/ip/ip-send-unicast.yara#unicast) | send data to the internet | [unicast](https://github.com/search?q=unicast&type=code) |
+| LOW | [net/resolve/hostname](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/resolve/hostname-resolve.yara#cannot_resolve) | resolve network host name to IP address | [cannot resolve](https://github.com/search?q=cannot+resolve&type=code) |
+| LOW | [net/socket/local_addr](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-local_addr.yara#getsockname) | [get local address of connected socket](https://man7.org/linux/man-pages/man2/getsockname.2.html) | [getsockname](https://github.com/search?q=getsockname&type=code) |
+| LOW | [net/socket/peer_address](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-peer-address.yara#getpeername) | [get peer address of connected socket](https://man7.org/linux/man-pages/man2/getpeername.2.html) | [getpeername](https://github.com/search?q=getpeername&type=code) |
+| LOW | [net/socket/receive](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-receive.yara#recvmsg) | [receive a message from a socket](https://linux.die.net/man/2/recvmsg) | [recvfrom](https://github.com/search?q=recvfrom&type=code)<br>[recvmsg](https://github.com/search?q=recvmsg&type=code) |
+| LOW | [net/socket/send](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/socket/socket-send.yara#sendmsg) | [send a message to a socket](https://linux.die.net/man/2/sendmsg) | [sendmsg](https://github.com/search?q=sendmsg&type=code)<br>[sendto](https://github.com/search?q=sendto&type=code) |
+| LOW | [net/tcp/grpc](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/grpc.yara#grpc) | Uses the gRPC Remote Procedure Call framework | [gRPC](https://github.com/search?q=gRPC&type=code) |
+| LOW | [net/udp/receive](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/udp/udp-receive.yara#udp_listen) | Listens for UDP responses | [ReadFromUDP](https://github.com/search?q=ReadFromUDP&type=code)<br>[listenUDP](https://github.com/search?q=listenUDP&type=code) |
+| LOW | [net/udp/send](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/udp/udp-send.yara#udp_send) | Sends UDP packets | [DialUDP](https://github.com/search?q=DialUDP&type=code)<br>[WriteMsgUDP](https://github.com/search?q=WriteMsgUDP&type=code) |
+| LOW | [net/url/embedded](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/embedded.yara#https_url) | contains embedded HTTPS URLs | [https://bugs.centos.org/](https://bugs.centos.org/)<br>[https://docker.io/](https://docker.io/)<br>[https://finishedmemLimitplatform](https://finishedmemLimitplatform)<br>[https://git.k8s.io/community/contributors/devel/sig-architecture/api-conv](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conv)<br>[https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md)<br>[https://golang.org/pkg/unicode/](https://golang.org/pkg/unicode/)<br>[https://index.docker.io/json](https://index.docker.io/json)<br>[https://kubernetes.default/apis/config.openshift.io/v1/clusteroperators/o](https://kubernetes.default/apis/config.openshift.io/v1/clusteroperators/o)<br>[https://kubernetes.default/version/openshiftproto](https://kubernetes.default/version/openshiftproto)<br>[https://kubernetes.default/versionproto](https://kubernetes.default/versionproto)<br>[https://kubernetes.io/docs/reference/using-api/api-concepts/](https://kubernetes.io/docs/reference/using-api/api-concepts/)<br>[https://protobuf.dev/reference/go/faq](https://protobuf.dev/reference/go/faq)<br>[https://registry-1.docker.io/bufio.Scanner](https://registry-1.docker.io/bufio.Scanner)<br>[https://registry.hub.docker.com/Failed](https://registry.hub.docker.com/Failed)<br>[https://www.centos.org/](https://www.centos.org/)<br>[https://www.iana.org/assignments/service-names-port-numbers/service-names](https://www.iana.org/assignments/service-names-port-numbers/service-names) |
+| LOW | [net/url/parse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/parse.yara#url_handle) | Handles URL strings | [RequestURI](https://github.com/search?q=RequestURI&type=code) |
+| LOW | [os/fd/sendfile](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/fd/sendfile.yara#sendfile) | [transfer data between file descriptors](https://man7.org/linux/man-pages/man2/sendfile.2.html) | [sendfile](https://github.com/search?q=sendfile&type=code)<br>[syscall.Sendfile](https://github.com/search?q=syscall.Sendfile&type=code) |
+| LOW | [os/kernel/netlink](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/kernel/netlink.yara#netlink) | communicate with kernel services | [netlink](https://github.com/search?q=netlink&type=code) |
+| LOW | [os/kernel/seccomp](https://github.com/chainguard-dev/malcontent/blob/main/rules/os/kernel/seccomp.yara#seccomp) | [operate on Secure Computing state of the process](https://man7.org/linux/man-pages/man2/seccomp.2.html) | [seccomp](https://github.com/search?q=seccomp&type=code) |
+| LOW | [privesc/setuid](https://github.com/chainguard-dev/malcontent/blob/main/rules/privesc/setuid.yara#setuid) | [set real and effective user ID of current process](https://man7.org/linux/man-pages/man2/setuid.2.html) | [setuid](https://github.com/search?q=setuid&type=code) |
+| LOW | [process/chdir](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/chdir.yara#chdir_shell) | changes working directory | [cd](https://github.com/search?q=cd&type=code) |
+| LOW | [process/groupid_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/groupid-set.yara#setgid) | set real, effective, and saved group ID of process | [setgid](https://github.com/search?q=setgid&type=code) |
+| LOW | [process/groups_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/groups-set.yara#setgroups) | set group access list | [setgroups](https://github.com/search?q=setgroups&type=code) |
+| LOW | [process/multithreaded](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/multithreaded.yara#pthread_create) | [creates pthreads](https://man7.org/linux/man-pages/man3/pthread_create.3.html) | [pthread_create](https://github.com/search?q=pthread_create&type=code) |
+| LOW | [process/namespace_set](https://github.com/chainguard-dev/malcontent/blob/main/rules/process/namespace-set.yara#setns) | associate thread or process with a namespace | [setns](https://github.com/search?q=setns&type=code) |
+
diff --git a/tests/linux/clean/pypi_package_index.json.simple b/tests/linux/clean/pypi_package_index.json.simple
index e69de29bb..44869b4fd 100644
--- a/tests/linux/clean/pypi_package_index.json.simple
+++ b/tests/linux/clean/pypi_package_index.json.simple
@@ -0,0 +1,146 @@
+# linux/clean/pypi_package_index.json: critical
+anti-static/obfuscation/obfuscate: low
+c2/discovery/dyndns: medium
+c2/tool_transfer/download: medium
+c2/tool_transfer/dropper: medium
+collect/archives/unarchive: medium
+collect/archives/zip: medium
+collect/databases/leveldb: medium
+collect/databases/mysql: medium
+collect/databases/postgresql: medium
+collect/databases/sqlite: medium
+credential/gaming/minecraft: medium
+credential/keychain: medium
+credential/keylogger: medium
+credential/password: low
+credential/password/hashcat: medium
+credential/sniffer/bpf: medium
+credential/ssh/d: medium
+credential/ssh/d_memory_map: high
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/blockchain: medium
+crypto/cipher: medium
+crypto/ed25519: low
+crypto/encrypt: medium
+crypto/fernet: medium
+crypto/openssl: medium
+crypto/public_key: low
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/lzma: low
+data/compression/zlib: low
+data/compression/zstd: low
+data/encoding/base64: low
+data/hash/blake2b: low
+data/random/insecure: low
+discover/ip/geo: high
+discover/ip/public: high
+discover/network/interface_list: medium
+discover/network/netstat: medium
+discover/processes/list: medium
+discover/processes/pgrep: medium
+discover/system/cpu: low
+discover/system/machine_id: low
+discover/system/platform: low
+discover/system/sysinfo: medium
+discover/user/name_get: medium
+evasion/bypass_security/linux/iptables: medium
+evasion/bypass_security/linux/ufw: medium
+evasion/logging/acct: low
+evasion/process_injection/ptrace: medium
+evasion/process_injection/readelf: medium
+evasion/rootkit/refs: medium
+evasion/rootkit/userspace: critical
+exec/dylib/symbol_address: medium
+exec/install_additional/pip_install: high
+exec/plugin: low
+exec/program: medium
+exec/script/osa: medium
+exec/shell/power: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: medium
+exec/tty/getpass: low
+exfil/office_file_ext: medium
+exfil/stealer/archive: high
+fs/directory/create: low
+fs/file/delete: low
+fs/file/times_set: medium
+fs/link_create: low
+fs/lock_update: low
+fs/mount: low
+fs/permission/modify: medium
+fs/proc/pid_cmdline: low
+fs/symlink_resolve: low
+fs/tempdir/TEMP: low
+fs/tempfile: low
+fs/watch: low
+hw/hardware_enumeration: medium
+hw/wireless: low
+impact/cryptojacking/competitive: critical
+impact/cryptojacking/cryptonight: high
+impact/cryptojacking/generic: high
+impact/cryptojacking/monero_pool: medium
+impact/cryptojacking/multiple: critical
+impact/cryptojacking/nicehash_pool: high
+impact/cryptojacking/xmrig: high
+impact/ddos: high
+impact/exploit: high
+impact/exploit/cve: medium
+impact/infection/worm: medium
+impact/ransom/decryptor: medium
+impact/remote_access/backdoor: high
+impact/remote_access/crypto_listen_socks: medium
+impact/remote_access/heartbeat: medium
+impact/remote_access/implant: medium
+impact/remote_access/iptables: medium
+impact/remote_access/net_shell: high
+impact/remote_access/reverse_shell: high
+impact/remote_access/trojan: medium
+impact/ui/screen_capture: high
+impact/ui/x11_auth: medium
+lateral/scan/brute_force: low
+malware/ref: medium
+net/dns/over_https: medium
+net/download: medium
+net/http/auth: low
+net/http/oauth2: low
+net/http/request: low
+net/http/webhook: medium
+net/ip/host_port: medium
+net/ip/multicast_send: low
+net/ip/spoof: medium
+net/proxy/reverse: medium
+net/proxy/shadowsocks: high
+net/proxy/socks5: medium
+net/proxy/tunnel: medium
+net/rpc/ntlm: medium
+net/socket/listen: medium
+net/socket/pair: medium
+net/socket/receive: low
+net/socket/send: low
+net/tcp/sftp: medium
+net/tcp/synflood: medium
+net/url/encode: medium
+net/url/parse: low
+os/fd/sendfile: low
+os/kernel/hardware_locality: low
+os/kernel/key_management: low
+os/kernel/netlink: low
+os/time/tzinfo: low
+persist/cron/tab: medium
+persist/daemon: medium
+persist/daemon/detach: medium
+persist/launchd/launch_agent: medium
+privesc/rootshell: high
+privesc/sudo: medium
+process/chroot: low
+process/multi: medium
+process/terminate/taskkill: medium
+process/unshare: low
+sec-tool/net/masscan: high
+sec-tool/net/nmap: medium
+sec-tool/pentest/metasploit_ref: medium
+sus/intercept: medium
+sus/leetspeak: medium
+sus/malicious: medium
diff --git a/tests/linux/clean/rules.json.simple b/tests/linux/clean/rules.json.simple
index e69de29bb..8930790ee 100644
--- a/tests/linux/clean/rules.json.simple
+++ b/tests/linux/clean/rules.json.simple
@@ -0,0 +1,79 @@
+# linux/clean/rules.json: critical
+anti-static/obfuscation/hex: medium
+collect/databases/mysql: medium
+collect/databases/postgresql: medium
+collect/databases/sqlite: medium
+credential/cloud/aws: medium
+credential/os/gshadow: medium
+credential/os/shadow: medium
+credential/password: low
+credential/server/htpasswd: medium
+credential/shell/bash_history: medium
+credential/shell/zsh_history: high
+credential/ssh: high
+credential/ssh/authorized_hosts: medium
+credential/ssh/d: medium
+crypto/openssl: medium
+data/base64/decode: medium
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/lzma: low
+data/compression/zlib: low
+data/compression/zstd: low
+data/encoding/base64: low
+discover/multiple: medium
+discover/system/dmesg: low
+discover/system/platform: low
+discover/user/USER: low
+discover/user/name_get: medium
+evasion/bypass_security/linux/iptables: medium
+evasion/bypass_security/linux/ufw: medium
+evasion/file/location/var_run: medium
+evasion/file/prefix: medium
+evasion/logging/acct: low
+evasion/process_injection/readelf: medium
+exec/plugin: low
+exec/shell/bash_dev_udp: medium
+exec/shell/command: medium
+exec/shell/nohup: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: low
+exec/tty/pathname: medium
+exfil: medium
+exfil/stealer/linux_server: high
+fs/fifo_create: low
+fs/file/times_set: medium
+fs/lock_update: low
+fs/mount: low
+fs/node_create: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/home: low
+fs/path/home_config: low
+fs/path/tmp: medium
+fs/path/var: low
+fs/permission/modify: medium
+fs/tempfile: low
+hw/hardware_enumeration: medium
+hw/wireless: low
+impact/exploit: medium
+impact/exploit/cve: medium
+impact/remote_access/iptables: medium
+net/dns/servers: low
+net/download: medium
+net/ftp/t: low
+net/http/cookies: medium
+net/http/webhook: medium
+net/ip/host_port: medium
+net/socket/connect: medium
+net/tcp/sftp: medium
+persist/cron/tab: medium
+persist/daemon: medium
+persist/linux_multi: high
+persist/shell/bash: medium
+persist/shell/zsh: medium
+persist/ssh_authorized_keys: medium
+process/chroot: low
+process/unshare: low
+sec-tool/net/masscan: high
+sec-tool/net/nmap: medium
diff --git a/tests/linux/clean/searchindex.json.simple b/tests/linux/clean/searchindex.json.simple
index e69de29bb..26077f5a7 100644
--- a/tests/linux/clean/searchindex.json.simple
+++ b/tests/linux/clean/searchindex.json.simple
@@ -0,0 +1,72 @@
+# linux/clean/searchindex.json: medium
+anti-static/obfuscation/obfuscate: low
+c2/addr/discord: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/dropper: medium
+c2/tool_transfer/os: medium
+credential/keylogger: medium
+credential/password: low
+crypto/encrypt: medium
+crypto/openssl: medium
+crypto/public_key: low
+data/compression/bzip2: low
+data/compression/zlib: low
+data/embedded/html: medium
+data/random/insecure: low
+discover/components/docker: medium
+discover/system/platform: low
+discover/system/sysinfo: medium
+evasion/file/location/chdir_unusual: medium
+evasion/file/location/system_directory: medium
+evasion/rootkit/refs: medium
+evasion/rootkit/userspace: medium
+exec/install_additional/package_install: medium
+exec/install_additional/pip_install: medium
+exec/plugin: low
+exec/program: medium
+exec/shell/command: medium
+exec/shell/exec: medium
+exec/system_controls/systemd: low
+exfil/stealer/credit_card: medium
+fs/directory/create: low
+fs/file/delete: low
+fs/file/delete_forcibly: medium
+fs/file/times_set: medium
+fs/mount: low
+fs/path/boot: medium
+fs/path/dev: medium
+fs/path/etc: low
+fs/path/etc_resolv.conf: low
+fs/path/home: low
+fs/path/tmp: medium
+fs/path/users: medium
+fs/path/usr_local: medium
+fs/path/var: low
+fs/path/var_log: medium
+fs/watch: low
+impact/exploit: medium
+impact/infection/infected: medium
+impact/remote_access/agent: medium
+impact/remote_access/backdoor: medium
+impact/remote_access/reverse_shell: medium
+impact/remote_access/trojan: medium
+malware/ref: medium
+net/dns/servers: low
+net/dns/txt: low
+net/download/fetch: medium
+net/ip/addr: medium
+net/ip/host_port: medium
+net/ip/icmp: medium
+net/ip/spoof: medium
+net/socket/listen: medium
+net/socket/send: low
+net/tcp/ssh: medium
+net/url/embedded: medium
+persist/cron/tab: medium
+persist/daemon: medium
+persist/service/start: low
+privesc/sudo: medium
+process/chdir: low
+process/chroot: low
+process/executable_path: low
+sus/malicious: medium
diff --git a/tests/linux/clean/sonarlint-metadata.json.simple b/tests/linux/clean/sonarlint-metadata.json.simple
index e69de29bb..84712de94 100644
--- a/tests/linux/clean/sonarlint-metadata.json.simple
+++ b/tests/linux/clean/sonarlint-metadata.json.simple
@@ -0,0 +1,70 @@
+# linux/clean/sonarlint-metadata.json: critical
+c2/addr/ip: medium
+c2/tool_transfer/dropper: high
+c2/tool_transfer/os: medium
+collect/archives/zip: medium
+collect/databases/mysql: medium
+credential/password: low
+credential/shell/bash_history: high
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/ed25519: low
+crypto/openssl: medium
+crypto/public_key: low
+crypto/uuid: medium
+data/encoding/json_decode: low
+data/encoding/json_encode: low
+discover/network/interface_list: medium
+discover/process/working_directory: low
+discover/user/USER: low
+evasion/file/location/dev_mqueue: medium
+evasion/file/prefix: medium
+exec/plugin: low
+exfil/stealer/credit_card: medium
+fs/directory/create: low
+fs/file/copy: medium
+fs/file/delete_forcibly: low
+fs/file/open: low
+fs/file/read: low
+fs/file/write: low
+fs/path/dev: medium
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/home: low
+fs/path/relative: medium
+fs/path/tmp: medium
+fs/path/users: medium
+fs/path/usr_bin: low
+fs/path/var: low
+fs/permission/modify: high
+fs/tempdir: low
+impact/ddos: medium
+impact/exploit: medium
+impact/infection/infected: medium
+impact/remote_access/agent: medium
+lateral/scan/brute_force: low
+malware/ref: medium
+net/download: medium
+net/http/2: low
+net/http/cookies: medium
+net/http/form_upload: medium
+net/http/post: medium
+net/http/request: low
+net/http/websocket: medium
+net/ip/addr: medium
+net/ip/host_port: medium
+net/ip/spoof: medium
+net/socket/listen: medium
+net/socket/send: low
+net/tcp/sftp: medium
+net/tcp/ssh: medium
+net/url/embedded: medium
+net/url/encode: medium
+os/env/get: low
+os/fd/read: low
+os/fd/write: low
+persist/writeable_dir: medium
+sus/intercept: medium
+sus/malicious: medium
diff --git a/tests/linux/clean/vitess/vtadmin.simple b/tests/linux/clean/vitess/vtadmin.simple
index e69de29bb..986ed0fae 100644
--- a/tests/linux/clean/vitess/vtadmin.simple
+++ b/tests/linux/clean/vitess/vtadmin.simple
@@ -0,0 +1,163 @@
+# linux/clean/vitess/vtadmin: high
+anti-static/obfuscation/obfuscate: low
+c2/addr/http_dynamic: medium
+c2/addr/ip: medium
+c2/addr/server: medium
+c2/client: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: medium
+collect/archives/zip: medium
+collect/databases/leveldb: medium
+collect/databases/mysql: medium
+collect/databases/postgresql: medium
+collect/databases/sqlite: medium
+credential/cloud/aws: medium
+credential/os/gshadow: medium
+credential/os/shadow: medium
+credential/password: low
+credential/server/htpasswd: medium
+credential/shell/bash_history: medium
+credential/shell/zsh_history: high
+credential/ssh: medium
+credential/ssh/authorized_hosts: medium
+credential/ssh/d: medium
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/ecdsa: low
+crypto/ed25519: low
+crypto/encrypt: medium
+crypto/openssl: medium
+crypto/public_key: low
+crypto/tls: low
+data/base64/decode: medium
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/lzma: low
+data/compression/zlib: low
+data/compression/zstd: low
+data/embedded/html: medium
+data/encoding/base64: low
+data/encoding/json: low
+data/encoding/json_decode: low
+data/hash/md5: low
+discover/cloud/google_metadata: low
+discover/system/cpu: low
+discover/system/dmesg: low
+discover/system/hostname: low
+discover/system/platform: low
+discover/user/HOME: low
+discover/user/USER: low
+discover/user/name_get: medium
+evasion/bypass_security/linux/iptables: medium
+evasion/bypass_security/linux/ufw: medium
+evasion/file/location/var_run: medium
+evasion/file/prefix: medium
+evasion/logging/acct: low
+evasion/process_injection/readelf: medium
+exec/cmd: medium
+exec/plugin: low
+exec/program: medium
+exec/program/hidden: medium
+exec/shell/SHELL: low
+exec/shell/TERM: low
+exec/shell/background_sleep: medium
+exec/shell/bash_dev_udp: medium
+exec/shell/command: medium
+exec/shell/exec: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: low
+exec/tty/pathname: medium
+exfil: medium
+fs/directory/create: low
+fs/directory/list: low
+fs/directory/remove: low
+fs/fifo_create: low
+fs/file/copy: medium
+fs/file/delete: low
+fs/file/open: low
+fs/file/read: low
+fs/file/rename: low
+fs/file/stat: low
+fs/file/times_set: medium
+fs/file/write: low
+fs/link_read: low
+fs/lock_update: low
+fs/mount: low
+fs/node_create: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/etc_resolv.conf: low
+fs/path/home: low
+fs/path/home_config: low
+fs/path/relative: medium
+fs/path/tmp: medium
+fs/path/usr_bin: low
+fs/path/usr_sbin: low
+fs/path/var: low
+fs/permission/chown: medium
+fs/permission/modify: medium
+fs/proc/self_cgroup: medium
+fs/proc/self_mountinfo: medium
+fs/tempdir/TEMP: low
+fs/tempdir/create: low
+fs/tempfile: low
+fs/watch: low
+hw/hardware_enumeration: medium
+hw/wireless: low
+impact/exploit: medium
+impact/remote_access/heartbeat: medium
+impact/remote_access/iptables: medium
+net/dns: low
+net/dns/reverse: medium
+net/dns/servers: low
+net/dns/txt: low
+net/download: medium
+net/download/fetch: medium
+net/http/2: low
+net/http/accept: medium
+net/http/accept_encoding: low
+net/http/auth: low
+net/http/content_length: medium
+net/http/cookies: medium
+net/http/form_upload: medium
+net/http/post: medium
+net/http/proxy: low
+net/http/request: low
+net/http/webhook: medium
+net/ip/host_port: medium
+net/ip/icmp: medium
+net/ip/parse: medium
+net/resolve/hostname: low
+net/socket/connect: medium
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+net/tcp/connect: medium
+net/tcp/grpc: low
+net/tcp/sftp: medium
+net/tcp/ssh: medium
+net/udp/receive: low
+net/udp/send: low
+net/url/embedded: low
+net/url/encode: medium
+net/url/parse: low
+net/url/request: medium
+os/env/get: low
+os/fd/sendfile: low
+os/kernel/netlink: low
+persist/cron/tab: medium
+persist/pid_file: medium
+persist/ssh_authorized_keys: medium
+process/chdir: low
+process/chroot: low
+process/groups_set: low
+process/unshare: low
+sec-tool/net/masscan: high
+sec-tool/net/nmap: medium
+sus/exclamation: medium
+sus/intercept: medium
+sus/leetspeak: medium
diff --git a/tests/linux/clean/vitess/vtclient.simple b/tests/linux/clean/vitess/vtclient.simple
index e69de29bb..5b38246e0 100644
--- a/tests/linux/clean/vitess/vtclient.simple
+++ b/tests/linux/clean/vitess/vtclient.simple
@@ -0,0 +1,150 @@
+# linux/clean/vitess/vtclient: high
+anti-static/obfuscation/obfuscate: low
+c2/addr/http_dynamic: medium
+c2/addr/ip: medium
+c2/addr/server: medium
+c2/client: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: medium
+collect/archives/zip: medium
+collect/databases/leveldb: medium
+collect/databases/mysql: medium
+collect/databases/postgresql: medium
+collect/databases/sqlite: medium
+credential/cloud/aws: medium
+credential/os/gshadow: medium
+credential/os/shadow: medium
+credential/password: low
+credential/server/htpasswd: medium
+credential/shell/bash_history: medium
+credential/shell/zsh_history: high
+credential/ssh: medium
+credential/ssh/authorized_hosts: medium
+credential/ssh/d: medium
+credential/ssl/private_key: low
+crypto/aes: low
+crypto/cipher: medium
+crypto/decrypt: low
+crypto/ecdsa: low
+crypto/ed25519: low
+crypto/encrypt: medium
+crypto/openssl: medium
+crypto/public_key: low
+crypto/tls: low
+data/base64/decode: medium
+data/compression/bzip2: low
+data/compression/gzip: low
+data/compression/lzma: low
+data/compression/zlib: low
+data/compression/zstd: low
+data/embedded/html: medium
+data/encoding/base64: low
+data/encoding/json: low
+data/encoding/json_decode: low
+data/hash/md5: low
+discover/cloud/google_metadata: low
+discover/system/cpu: low
+discover/system/dmesg: low
+discover/system/hostname: low
+discover/system/platform: low
+discover/user/HOME: low
+discover/user/USER: low
+discover/user/name_get: medium
+evasion/bypass_security/linux/iptables: medium
+evasion/bypass_security/linux/ufw: medium
+evasion/file/location/var_run: medium
+evasion/file/prefix: medium
+evasion/logging/acct: low
+evasion/process_injection/readelf: medium
+exec/plugin: low
+exec/program: medium
+exec/shell/background_sleep: medium
+exec/shell/bash_dev_udp: medium
+exec/shell/command: medium
+exec/system_controls/apparmor: medium
+exec/system_controls/systemd: low
+exec/tty/pathname: medium
+exfil: medium
+fs/directory/create: low
+fs/directory/list: low
+fs/directory/remove: low
+fs/fifo_create: low
+fs/file/copy: medium
+fs/file/delete: low
+fs/file/open: low
+fs/file/read: low
+fs/file/rename: low
+fs/file/stat: low
+fs/file/times_set: medium
+fs/link_read: low
+fs/lock_update: low
+fs/mount: low
+fs/node_create: low
+fs/path/etc: low
+fs/path/etc_hosts: medium
+fs/path/etc_resolv.conf: low
+fs/path/home: low
+fs/path/home_config: low
+fs/path/relative: medium
+fs/path/tmp: medium
+fs/path/var: low
+fs/permission/chown: medium
+fs/permission/modify: medium
+fs/proc/self_cgroup: medium
+fs/proc/self_mountinfo: medium
+fs/tempdir/TEMP: low
+fs/tempfile: low
+fs/watch: low
+hw/hardware_enumeration: medium
+hw/wireless: low
+impact/exploit: medium
+impact/remote_access/heartbeat: medium
+impact/remote_access/iptables: medium
+net/dns: low
+net/dns/reverse: medium
+net/dns/servers: low
+net/dns/txt: low
+net/download: medium
+net/http/2: low
+net/http/accept: medium
+net/http/accept_encoding: low
+net/http/auth: low
+net/http/content_length: medium
+net/http/cookies: medium
+net/http/form_upload: medium
+net/http/post: medium
+net/http/proxy: low
+net/http/request: low
+net/http/webhook: medium
+net/ip/host_port: medium
+net/ip/icmp: medium
+net/ip/parse: medium
+net/resolve/hostname: low
+net/socket/connect: medium
+net/socket/listen: medium
+net/socket/local_addr: low
+net/socket/peer_address: low
+net/socket/receive: low
+net/socket/send: low
+net/tcp/connect: medium
+net/tcp/grpc: low
+net/tcp/sftp: medium
+net/udp/receive: low
+net/udp/send: low
+net/url/embedded: low
+net/url/encode: medium
+net/url/parse: low
+net/url/request: medium
+os/env/get: low
+os/fd/sendfile: low
+os/kernel/netlink: low
+persist/cron/tab: medium
+persist/pid_file: medium
+persist/ssh_authorized_keys: medium
+process/chroot: low
+process/groups_set: low
+process/unshare: low
+sec-tool/net/masscan: high
+sec-tool/net/nmap: medium
+sus/exclamation: medium
+sus/intercept: medium
diff --git a/tests/linux/clean/wikiticker-2015-09-12-sampled.json.simple b/tests/linux/clean/wikiticker-2015-09-12-sampled.json.simple
index e69de29bb..cc24804dd 100644
--- a/tests/linux/clean/wikiticker-2015-09-12-sampled.json.simple
+++ b/tests/linux/clean/wikiticker-2015-09-12-sampled.json.simple
@@ -0,0 +1,22 @@
+# linux/clean/wikiticker-2015-09-12-sampled.json: high
+anti-behavior/blocklist/user: medium
+c2/addr/ip: medium
+c2/tool_transfer/arch: low
+c2/tool_transfer/os: medium
+credential/gaming/minecraft: medium
+crypto/aes: low
+crypto/fernet: medium
+exfil/stealer/wallet: medium
+fs/file/delete_forcibly: low
+fs/path/relative: medium
+impact/infection/worm: medium
+impact/remote_access/agent: medium
+impact/remote_access/botnet: high
+impact/remote_access/implant: medium
+impact/remote_access/trojan: medium
+net/download: medium
+net/http/cookies: medium
+net/http/post: medium
+net/url/embedded: medium
+persist/daemon: medium
+sus/exclamation: medium
diff --git a/tests/npm/2024.depe-tool/preinstall.json.simple b/tests/npm/2024.depe-tool/preinstall.json.simple
index e69de29bb..7e3cfef4c 100644
--- a/tests/npm/2024.depe-tool/preinstall.json.simple
+++ b/tests/npm/2024.depe-tool/preinstall.json.simple
@@ -0,0 +1,4 @@
+# npm/2024.depe-tool/preinstall.json: high
+anti-static/obfuscation/hex: medium
+exec/remote_commands/code_eval: medium
+impact/remote_access/payload: high
diff --git a/tests/ruby/2020.bitcoin-ruby/the_Score.vbs.simple b/tests/ruby/2020.bitcoin-ruby/the_Score.vbs.simple
index e69de29bb..61d94e97e 100644
--- a/tests/ruby/2020.bitcoin-ruby/the_Score.vbs.simple
+++ b/tests/ruby/2020.bitcoin-ruby/the_Score.vbs.simple
@@ -0,0 +1,4 @@
+# ruby/2020.bitcoin-ruby/the_Score.vbs: medium
+exec/script/wsh: medium
+fs/file/delete: medium
+fs/path/windows_root: low
diff --git a/tests/samples_test.go b/tests/samples_test.go
index 237537285..dee3eb899 100644
--- a/tests/samples_test.go
+++ b/tests/samples_test.go
@@ -181,6 +181,7 @@ func TestSimple(t *testing.T) {
 				Concurrency:           runtime.NumCPU(),
 				IgnoreSelf:            false,
 				IgnoreTags:            []string{"harmless"},
+				IncludeDataFiles:      true,
 				MinFileRisk:           1,
 				MinRisk:               1,
 				QuantityIncreasesRisk: true,