Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20)

Binary Validator is a Mach-O binary file used during Operation Triangulation. (Citation: SecureList OpTriangulation 23Oct2023) Before the TriangleDB implant is deployed, Binary Validator collects information about the device, such as the device's phone number and a list of installed applications. Once these actions are complete and the data is collected, Binary Validator encrypts the data and sends it to the C2 server, which in turn sends the TriangleDB implant.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |