mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
[threat-actors] Add Asnarök
This commit is contained in:
parent
540c4e542e
commit
5c0ec348c9
1 changed files with 14 additions and 0 deletions
|
@ -17001,6 +17001,20 @@
|
|||
},
|
||||
"uuid": "94f0fd5e-68a7-458a-bb5f-f2f4e5230fcc",
|
||||
"value": "Anonymous64"
|
||||
},
|
||||
{
|
||||
"description": "Asnarök is a threat actor that exploited CVE-2020-12271 and utilized command injection privilege escalation to gain root access to devices and install the Asnarök Trojan and demonstrated significant changes in TTPs, including the deployment of a web shell that did not reach out to external C2 for commands. X-Ops identified a patient-zero device linked to the attack and observed the use of an IC.sh script that stole local user account data. The actor's activities were linked to a broader pattern of malicious exploit research and targeted vulnerabilities disclosed by bug bounty researchers.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/",
|
||||
"https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Personal Panda"
|
||||
]
|
||||
},
|
||||
"uuid": "4e26b4ac-5530-428b-8694-3dd6d24ee286",
|
||||
"value": "Asnarök"
|
||||
}
|
||||
],
|
||||
"version": 318
|
||||
|
|
Loading…
Reference in a new issue