The Andariel threat group has been discovered to be using MeshAgent when attacking Korean companies. The group has previously attacked Korean Asset management solutions for installing malware, such as AndarLoader and ModeLoader. However, MeshAgent is used alongside other remote management tools due to the diverse remote control features it offers.
Source: GBHackers