
TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f)

TriangleDB is an implant written in Objective-C, deployed after Binary Validator and after root privileges have been obtained during Operation Triangulation's infection chain. Upon execution, TriangleDB communicates with the C2 server, relaying information about the victim device. (Citation: SecureList OpTriangulation 21Jun2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 1 |
| Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | 2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |
| Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | 2 |
| Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) | Attack Pattern | Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) | Attack Pattern | 2 |