Detects the execution of suspicious child processes from a macOS installer package parent process. This includes osascript, JXA, curl and wget, amongst other interpreters.
Detects SILENTTRINITY stager DLL loading activity
Detects SILENTTRINITY stager use via PE metadata
Detects artefacts associated with activity group GALLIUM - Microsoft Threat Intelligence Center indicators released in December 2019.