ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: TriangleDB

Names: TriangleDB
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: (Kaspersky) The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.
Information: <https://securelist.com/triangledb-triangulation-implant/110050/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/ios.triangledb>

Last change to this tool card: 13 October 2023


All groups using tool TriangleDB

Changed | Name | Country | Observed

APT groups

(none) | Operation Triangulation | [Unknown] | 2023

1 group listed (1 APT, 0 other, 0 unknown)
