Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20)

Binary Validator is a Mach-O binary file used during Operation Triangulation. (Citation: SecureList OpTriangulation 23Oct2023) Binary Validator first collects information about the device, such as the device's phone number and a list of installed applications, before the deployment of the TriangleDB implant. After the actions are completed and the data is collected, Binary Validator encrypts and sends the data to the C2 server, and in turn, the C2 server sends the TriangleDB implant.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) | Attack Pattern | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) | Attack Pattern | 1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | 2 |