Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 01:01:16 UTC
Home > List all groups > List all tools > List all groups using tool MoonPeak
 Tool: MoonPeak
Names MoonPeak
Category Malware
Type Backdoor
Description
(Talos) This a XenoRAT-based malware, which is under active development by a North
Korean nexus cluster we are calling “UAT-5394.” Our analysis of infrastructure used in the
campaign reveals additional links to the UAT-5394 infrastructure and new tactics, techniques
and procedures (TTPs) of the threat actor.
Information Malpedia Last change to this tool card: 27 December 2024
Download this tool card in JSON format
All groups using tool MoonPeak
Changed Name Country Observed
APT groups
 Kimsuky, Velvet Chollima 2012-Aug 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=73a652ba-a6af-4e0c-a936-bd03af035699
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=73a652ba-a6af-4e0c-a936-bd03af035699
Page 1 of 1