0xcpu

//
//  main.m
//  EndpointSecurityDemo
//
//  Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
//  Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
//  Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
//  Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
//  Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
//  Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)

0xcpu

Malware Sample Inspected

Trickbot COVID macro lure via MSFT: ec34b207d503a3c95ee743ee296a08e93a5e960aa4611ea8c39d8e5d4c5f6593

test.js

eval("WScript.CreateObject(\"WScript.Shell\").Run(\"calc.exe\");");

0xcpu

function Get-InjectedThread
{
    <# 
    
    .SYNOPSIS 
    
    Looks for threads that were created as a result of code injection.
    
    .DESCRIPTION