
TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f)

TriangleDB is an implant written in Objective-C that is deployed after Binary Validator and after root privileges have been obtained during Operation Triangulation's infection chain. Upon execution, TriangleDB communicates with the C2 server, relaying information about the victim device. (Citation: SecureList OpTriangulation 21Jun2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | 1 |
| Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) | Attack Pattern | 1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | 2 |
| Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) | Attack Pattern | Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) | Attack Pattern | 2 |
| Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | 2 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | 2 |