From 5c0ec348c9281f6f7339a91654717068bed8ddb5 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 1 Nov 2024 10:43:26 -0700
Subject: [PATCH] =?UTF-8?q?[threat-actors]=20Add=20Asnar=C3=B6k?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f6f4b13..f101a85 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17001,6 +17001,20 @@
 },
 "uuid": "94f0fd5e-68a7-458a-bb5f-f2f4e5230fcc",
 "value": "Anonymous64"
+ },
+ {
+ "description": "Asnarök is a threat actor that exploited CVE-2020-12271 and utilized command injection privilege escalation to gain root access to devices and install the Asnarök Trojan and demonstrated significant changes in TTPs, including the deployment of a web shell that did not reach out to external C2 for commands. X-Ops identified a patient-zero device linked to the attack and observed the use of an IC.sh script that stole local user account data. The actor's activities were linked to a broader pattern of malicious exploit research and targeted vulnerabilities disclosed by bug bounty researchers.",
+ "meta": {
+ "refs": [
+ "https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/",
+ "https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/"
+ ],
+ "synonyms": [
+ "Personal Panda"
+ ]
+ },
+ "uuid": "4e26b4ac-5530-428b-8694-3dd6d24ee286",
+ "value": "Asnarök"
 }
 ],
 "version": 318
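Review bot: The cluster's `"version": 318` line is left as unchanged context at the bottom of the hunk while a new entry is added; this galaxy's practice appears to be to increment the version on every content change so consumers that sync on it pick up the new actor, so the hunk should also carry `"version": 319`. In the description, "X-Ops" is an unexpanded vendor team reference and the sentence reads as the vendor's own voice; writing `Sophos X-Ops identified a patient-zero device linked to the attack…` makes the source of that claim clear without altering it. The text also uses Asnarök for both the actor and the Trojan it installs, which is worth one disambiguating clause such as `(the actor shares its name with the Asnarök Trojan described in the refs)` so readers do not conflate the two. The enclosing JSON array and object continue outside the hunk.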