Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20)

Binary Validator is a Mach-O binary file used during Operation Triangulation. (Citation: SecureList OpTriangulation 23Oct2023) Binary Validator first collects information about the device, such as the device's phone number and a list of installed applications, before the deployment of the TriangleDB implant. After the actions are completed and the data is collected, Binary Validator encrypts and sends the data to the C2 server, and in turn, the C2 server sends the TriangleDB implant.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | Execution Guardrails - T1627 (498e7b81-238d-404c-aa5e-332904d63286) | Attack Pattern | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) | Attack Pattern | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | 1 |
| Binary Validator - S1215 (b0a243dd-8075-42f9-86f6-64989600ed20) | Malware | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 1 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |