UAT-5394UAT-5394

Also known as: UAT-5394

Known aliases
1

Profile

UAT-5394 is a state-sponsored North Korean threat actor known for developing the MoonPeak RAT, which is based on XenoRAT. They have transitioned from using QuasarRAT to MoonPeak and have established command and control infrastructure. UAT-5394 employs tactics such as using RDP for remote access and has implemented State Machines in their malware to complicate analysis. Their activity indicates a focus on rapidly evolving their malware and infrastructure to enhance operational capabilities.

Aliases· 1

UAT-5394

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UNC5342
Actor
APT43
Actor
APT45
Actor
TA444
Actor
UAC-0194
Actor
UAT-5918
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.