The Malaysian CERT (MyCERT) published an advisory on 5 February.
It publishes many TTPs and IOCs on this group:
MyCERT observed an increase in number of artifacts and victims involving a campaign against Malaysian Government…
There are many interesting links:
The first are the IPs 22.214.171.124 and 126.96.36.199. In my Yeti instance, I found many related observables for them:
hxxp://188.8.131.52/D2_de2o@sp0/ and hxxp://184.108.40.206/main.dotm
These URLs were used by a campaign discovered by ClearSky
targeting Malaysia. The victimology is interesting because it concerns the transport industry.
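As an added example (not part of the original post or of the MyCERT advisory), the script below refangs the indicators quoted above, builds a lookup set of IPs, hosts and full URLs, and runs it over a few constructed proxy-log lines to show how a defender would sweep for the observables. The log format, the internal client addresses, the timestamps and the function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators as quoted in the post (defanged with hxxp), kept verbatim.
RAW_IOCS = [
    "22.214.171.124",
    "126.96.36.199",
    "hxxp://188.8.131.52/D2_de2o@sp0/",
    "hxxp://184.108.40.206/main.dotm",
]

# Constructed proxy-log lines (assumed format: timestamp client status method url).
# Client addresses and timestamps are invented for the example.
SAMPLE_LOG = [
    "2020-02-06T09:14:02Z 10.0.5.23 200 GET http://184.108.40.206/main.dotm",
    "2020-02-06T09:14:03Z 10.0.5.23 200 GET https://www.example.com/index.html",
    "2020-02-06T09:15:11Z 10.0.7.4 404 GET http://188.8.131.52/D2_de2o@sp0/",
    "2020-02-06T09:16:40Z 10.0.9.9 200 POST http://22.214.171.124/upload",
    "garbage line that does not parse",
]

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<status>\d{3})\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$"
)


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxp, [.], (.) ...) back into its literal form."""
    s = ioc.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.I)  # hxxp -> http, hxxps -> https
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return s


@dataclass(frozen=True)
class IocSet:
    ips: frozenset    # bare IP indicators
    urls: frozenset   # normalised full URLs (no trailing slash, lower-cased)
    hosts: frozenset  # hostnames/IPs extracted from the URL indicators


def normalise_url(url: str) -> str:
    """Normalisation used for exact URL matching; lower-casing is a deliberate
    choice that trades a little precision for tolerance of case variation."""
    return url.rstrip("/").lower()


def build_ioc_set(raw):
    """Split refanged indicators into IPs, URLs and URL hosts for fast lookup."""
    ips, urls, hosts = set(), set(), set()
    for ioc in raw:
        clean = refang(ioc)
        if "://" in clean:
            urls.add(normalise_url(clean))
            host = urlsplit(clean).hostname
            if host:
                hosts.add(host)
        else:
            ips.add(clean)
    return IocSet(frozenset(ips), frozenset(urls), frozenset(hosts))


def scan_proxy_log(lines, iocs: IocSet):
    """Return (client, url, reason) for every log line touching an indicator.
    A full-URL match is reported as 'url'; a host-only match as 'host'.
    Lines that do not parse are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = m.group("url")
        host = urlsplit(url).hostname or ""
        if normalise_url(url) in iocs.urls:
            hits.append((m.group("src"), url, "url"))
        elif host in iocs.hosts or host in iocs.ips:
            hits.append((m.group("src"), url, "host"))
    return hits


if __name__ == "__main__":
    for client, url, reason in scan_proxy_log(SAMPLE_LOG, build_ioc_set(RAW_IOCS)):
        print(f"{client} -> {url} ({reason} match)")
```

The host-level match is the one worth keeping an eye on in practice: a payload path such as main.dotm changes easily, while the hosting IP tends to be reused across a campaign, which is exactly the kind of pivot the Yeti observables above expose.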
Another interesting link in this advisory is to another campaign from November.
The malware used here is Dadjoke.
APT40 is an active Chinese group operating in South Asia, close to the MSS (China's Ministry of State Security, its intelligence service) according to Intrusion Truth: https://intrusiontruth.wordpress.com/2020/01/16/apt40-is-run-by-the-hainan-department-of-the-chinese-ministry-of-state-security/