{"description": "Mobile techniques used by TriangleDB, ATT&CK software S1216 (v1.0)", "name": "TriangleDB (S1216)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1634", "showSubtechniques": true}, {"techniqueID": "T1634.001", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has extracted the device\u2019s keychain.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1533", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has collected and exfiltrated files.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1521", "showSubtechniques": true}, {"techniqueID": "T1521.001", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has encrypted data using 3DES.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1521.002", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has encrypted data using RSA.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1420", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has obtained a list of files using the `fts` API and has obtained files that match a specified regular expression.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1630", "showSubtechniques": true}, {"techniqueID": "T1630.002", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has deleted an implant module or specified files.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1544", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has loaded additional modules stored in memory.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1430", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has monitored the device\u2019s geolocation, which includes coordinates, altitude, bearing and speed.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1644", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has used the Protobuf library for command and control communication.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1424", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has collected a list of running processes.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has obtained a list of installed applications.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1422", "comment": "[TriangleDB](https://attack.mitre.org/software/S1216) has collected and sent information on the device\u2019s IMEI, MEID, serial number and other device information.(Citation: SecureList OpTriangulation 21Jun2023) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by TriangleDB", "color": "#66b1ff"}]}