APT40 in Malaysia

Feb 7

The Malaysian CERT published an advisory on 5 February.

It lists many TTPs and IOCs for this group.

Several of the links are interesting:

The first is this IP; in my Yeti instance I found many related observables for it:

hxxp:// and hxxp://

These URLs were used in a campaign discovered by ClearSky

targeting Malaysia. The victimology is interesting because it concerns the transport industry.

Another interesting link from this advisory is to a second campaign, in November,


found by

The malware used there is Dadjoke.
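The pivot described above, from one IP to the observables and campaigns linked to it, as an added Python example that is not part of the original post and does not use Yeti's API. It normalises defanged IOCs (hxxp://, [.], (.)) so the same indicator written two ways collapses into one node, then walks the link graph from the IP and reports which tags (here standing in for the ClearSky campaign and the Dadjoke sample) it reaches within a hop limit. Every observable, link and tag is a constructed placeholder (RFC 5737 test address, reserved example domains, the MD5 of an empty file), not the advisory's real indicators.

```python
import re
from collections import deque

# Constructed sample data (NOT the advisory's real IOCs), defanged the way
# IOCs are usually shared in advisories and blog posts.
SAMPLE_OBSERVABLES = [
    {"value": "198[.]51[.]100[.]23", "type": "ip", "tags": ["apt40", "cert-advisory"]},
    {"value": "hxxp://update-check[.]example/api/ping", "type": "url", "tags": ["clearsky-campaign"]},
    {"value": "hxxp://mail-portal[.]example/login", "type": "url", "tags": ["clearsky-campaign"]},
    {"value": "d41d8cd98f00b204e9800998ecf8427e", "type": "md5", "tags": ["dadjoke"]},
]

# (source, destination, relation). The second entry writes the same IP with a
# different defanging style on purpose: without normalisation it would become
# a separate node and the pivot would miss half of the links.
SAMPLE_LINKS = [
    ("hxxp://update-check[.]example/api/ping", "198[.]51[.]100[.]23", "hosted-on"),
    ("hxxp://mail-portal[.]example/login", "198(.)51(.)100(.)23", "hosted-on"),
    ("hxxp://mail-portal[.]example/login", "d41d8cd98f00b204e9800998ecf8427e", "dropped"),
]


def refang(value: str) -> str:
    """Turn a defanged IOC (hxxp://, [.], (.), [:], [@]) back into its live form."""
    out = value
    for old, new in (("hxxp://", "http://"), ("hxxps://", "https://"),
                     ("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@")):
        out = out.replace(old, new)
    return out


def defang(value: str) -> str:
    """Defang an IOC for sharing: http -> hxxp, and dots/colons in the host
    (but not in the URL path) become [.] / [:]."""
    m = re.match(r"^(https?://)([^/]+)(.*)$", value, re.IGNORECASE)
    if m:
        scheme, host, rest = m.groups()
        return (scheme.lower().replace("http", "hxxp")
                + host.replace(".", "[.]").replace(":", "[:]") + rest)
    # bare IP, domain or e-mail address
    return value.replace(".", "[.]").replace("@", "[@]")


def build_graph(links):
    """Undirected adjacency map keyed by the normalised (refanged) value."""
    graph = {}
    for src, dst, _relation in links:
        a, b = refang(src), refang(dst)
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def pivot(graph, start, max_depth=2):
    """Breadth-first walk from one observable; returns {observable: hops}
    for everything reachable within max_depth links."""
    start = refang(start)
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] >= max_depth:
            continue
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    return seen


def tags_reached(observables, reached):
    """Map each tag (campaign, malware family, source) to the closest hop
    count at which the pivot reached an observable carrying it."""
    index = {refang(o["value"]): o for o in observables}
    tags = {}
    for value, hops in reached.items():
        for tag in index.get(value, {}).get("tags", []):
            tags[tag] = min(hops, tags.get(tag, hops))
    return tags


if __name__ == "__main__":
    g = build_graph(SAMPLE_LINKS)
    hits = pivot(g, "198[.]51[.]100[.]23", max_depth=2)
    for value, hops in sorted(hits.items(), key=lambda kv: kv[1]):
        print(f"{hops} hop(s): {defang(value)}")
    print("tags reached:", tags_reached(SAMPLE_OBSERVABLES, hits))
```

The hop limit matters in practice: one hop from a shared hosting IP is often still noise, while a two-hop chain IP -> URL -> dropped sample is what ties an infrastructure indicator to a malware family. Yeti performs the same walk over the links it stores; this block only shows the mechanics on an in-memory graph.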

APT40 is an active Chinese group in South Asia, close to the MSS (China's Ministry of State Security), according to Intrusion Truth: https://intrusiontruth.wordpress.com/2020/01/16/apt40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/


Written by


OSINT, Python, Malware Analysis, Botnet Tracker, SIEM and IPS/IDS and Threats Expert / co-organizer #BotConf / co-creator of #FastIR / Researcher at @Epita
