TriangleDB
TriangleDB is an Objective-C written implant deployed after Binary Validator and after root privileges are obtained during Operation Triangulation’s infection chain. Upon execution, TriangleDB communicates with the C2 server, relaying information about the victim device.[1]
ID: S1216
ⓘ
Type: MALWARE
ⓘ
Platforms: iOS
Version: 1.0
Created: 27 March 2025
Last Modified: 02 April 2025
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Mobile | T1634 | .001 | Credentials from Password Store: Keychain |
TriangleDB has extracted the device’s keychain.[1] |
| Mobile | ||||