TriangleDB

Description

(Kaspersky) The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.

Names

Name
TriangleDB

Type

Backdoor
Info stealer
Exfiltration

Information

https://securelist.com/triangledb-triangulation-implant/110050/

Mitre Attack

https://attack.mitre.org/software/S1216

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/ios.triangledb

Other Information

Uuid

5f84e19d-bf8d-44a9-92d5-f95c00d67b46

Last Card Change

2025-06-28

Threat Intelligence Garden

Explorer

TriangleDB

TriangleDB

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks