
TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f)

TriangleDB is an implant written in Objective-C. In Operation Triangulation's infection chain it is deployed after Binary Validator has run and after root privileges have been obtained. Upon execution, TriangleDB communicates with the C2 server, relaying information about the victim device. (Citation: SecureList OpTriangulation 21Jun2023)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Ingress Tool Transfer - T1544 (2bb20118-e6c0-41dc-a07c-283ea4dd0fb8) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) | Attack Pattern | 1 |
| System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | 1 |
| TriangleDB - S1216 (1393fb21-d09f-4ce8-96cf-1bcc9881765f) | Malware | Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | 1 |
| Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) | Attack Pattern | Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) | Attack Pattern | 2 |
| Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) | Attack Pattern | Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | 2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |
| Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | 2 |