[threat-actors] Add Asnarök

clusters/threat-actor.json

@@ -17001,6 +17001,20 @@
       },
       "uuid": "94f0fd5e-68a7-458a-bb5f-f2f4e5230fcc",
       "value": "Anonymous64"
+    },
+    {
+      "description": "Asnarök is a threat actor that exploited CVE-2020-12271 and utilized command injection privilege escalation to gain root access to devices and install the Asnarök Trojan and demonstrated significant changes in TTPs, including the deployment of a web shell that did not reach out to external C2 for commands. X-Ops identified a patient-zero device linked to the attack and observed the use of an IC.sh script that stole local user account data. The actor's activities were linked to a broader pattern of malicious exploit research and targeted vulnerabilities disclosed by bug bounty researchers.",
+      "meta": {
+        "refs": [
+          "https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/",
+          "https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/"
+        ],
+        "synonyms": [
+          "Personal Panda"
+        ]
+      },
+      "uuid": "4e26b4ac-5530-428b-8694-3dd6d24ee286",
+      "value": "Asnarök"
     }
   ],
   "version": 318