216.73.216.170

MoonPeak malware unveils new details on attacker infrastructure

· Published 21/08/2024 13:02 · Modified 21/08/2024 13:29

Export JSON

Essential information

Published
21/08/2024 13:02
Modified
21/08/2024 13:29
Tags
2024-08-21 moonpeak north korea quasarrat xenorat
Related entities
42 observables, 1 intrusion sets (apt), 20 techniques (mitre), 3 malware

Description

Cisco Talos has uncovered a campaign employing a new malware family called ',' a remote access trojan actively developed by a North Korean advanced persistent threat group tracked as 'UAT-5394.' The analysis reveals the evolution of from an open-source malware called , with the threat actors introducing modifications to evade detection and analysis. Talos mapped the infrastructure used in this campaign, including command and control servers, payload hosting sites, and virtual machines for testing implants, unveiling the tactics, techniques, and procedures employed by UAT-5394.

External references