Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52)

Triada was first reported in 2016 as second-stage malware. Later versions, in 2019, appeared with new techniques and acted as an initial downloader of other Trojan apps. (Citation: Kaspersky Triada March 2016)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Ptrace System Calls - T1631.001 (1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Archive Collected Data - T1532 (e3b936a4-6321-4172-9114-038a866362ec) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) | Attack Pattern | 1 |
| Triada - S0424 (f082fc59-0317-49cf-971f-a1b6296ebb52) | Malware | Exfiltration Over C2 Channel - T1646 (32063d7f-0a39-440d-a4a3-2694488f96cc) | Attack Pattern | 1 |
| Ptrace System Calls - T1631.001 (1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee) | Attack Pattern | Process Injection - T1631 (b7c0e45f-0206-4f75-96e7-fe7edad3aaff) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) | Attack Pattern | Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) | Attack Pattern | 2 |