[threat-actors] Add Asnarök

Mathieu4141 2024-11-01 10:43:26 -07:00
parent 540c4e542e
commit 5c0ec348c9


@ -17001,6 +17001,20 @@
}, },
"uuid": "94f0fd5e-68a7-458a-bb5f-f2f4e5230fcc", "uuid": "94f0fd5e-68a7-458a-bb5f-f2f4e5230fcc",
"value": "Anonymous64" "value": "Anonymous64"
},
{
"description": "Asnarök is a threat actor that exploited CVE-2020-12271 and utilized command injection privilege escalation to gain root access to devices and install the Asnarök Trojan and demonstrated significant changes in TTPs, including the deployment of a web shell that did not reach out to external C2 for commands. X-Ops identified a patient-zero device linked to the attack and observed the use of an IC.sh script that stole local user account data. The actor's activities were linked to a broader pattern of malicious exploit research and targeted vulnerabilities disclosed by bug bounty researchers.",
"meta": {
"refs": [
"https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/",
"https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/"
],
"synonyms": [
"Personal Panda"
]
},
"uuid": "4e26b4ac-5530-428b-8694-3dd6d24ee286",
"value": "Asnarök"
} }
], ],
"version": 318 "version": 318
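Review bot: The `synonyms` value `"Personal Panda"` in the new Asnarök entry is not mentioned anywhere in the `description`, so a reader cannot tell from the entry why the two names are equated. Synonyms are typically what downstream tooling matches on when correlating reports, so it is worth confirming against the two Sophos references that this name is an alias of the same actor and not the label of a separate campaign or cluster; if it is the latter, drop it or explain the relation in the description. The description would also read better split into shorter sentences that say whose team "X-Ops" is and which product CVE-2020-12271 affects. Separately, `"version": 318` is unchanged context at the end of the hunk, so unless the bump happens in another commit, consider `"version": 319` so that consumers comparing cluster versions pick up the new entry.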