{
	"id": "533e1b55-c4e2-4876-acd0-0e6dd9ecfc19",
	"created_at": "2026-04-06T00:16:29.819108Z",
	"updated_at": "2026-04-10T13:11:35.555369Z",
	"deleted_at": null,
	"sha1_hash": "67cc24b964df77f2420e3ea65391b82c83bd8c20",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46090,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:45:46 UTC\nTool: TriangleDB\nNames TriangleDB\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Kaspersky) The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted. Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers.\nInformation MITRE ATT\u0026CK Malpedia\nLast change to this tool card: 28 June 2025\nAll groups using tool TriangleDB\nChanged Name Country Observed\nAPT groups\nOperation Triangulation [Unknown] 2023\n1 group listed (1 APT, 0 other, 0 unknown)\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5f84e19d-bf8d-44a9-92d5-f95c00d67b46",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5f84e19d-bf8d-44a9-92d5-f95c00d67b46"
	],
	"report_names": [
		"listgroups.cgi?u=5f84e19d-bf8d-44a9-92d5-f95c00d67b46"
	],
	"threat_actors": [
		{
			"id": "ad08bd3d-e65c-4cfd-874a-9944380573fd",
			"created_at": "2023-06-23T02:04:34.517668Z",
			"updated_at": "2026-04-10T02:00:04.842233Z",
			"deleted_at": null,
			"main_name": "Operation Triangulation",
			"aliases": [],
			"source_name": "ETDA:Operation Triangulation",
			"tools": [
				"TriangleDB"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "113b8930-4626-4fa0-9a3a-bcf3ef86f595",
			"created_at": "2024-02-06T02:00:04.14393Z",
			"updated_at": "2026-04-10T02:00:03.578394Z",
			"deleted_at": null,
			"main_name": "Operation Triangulation",
			"aliases": [],
			"source_name": "MISPGALAXY:Operation Triangulation",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434589,
	"ts_updated_at": 1775826695,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/67cc24b964df77f2420e3ea65391b82c83bd8c20.pdf",
		"text": "https://archive.orkl.eu/67cc24b964df77f2420e3ea65391b82c83bd8c20.txt",
		"img": "https://archive.orkl.eu/67cc24b964df77f2420e3ea65391b82c83bd8c20.jpg"
	}
}