Malware
DADJOKE
DADJOKE was first observed being distributed via email targeting a South-East Asian Ministry of Defense.
DADJOKE is a Windows malware family operated by Leviathan.
Background
DADJOKE was first observed spreading through email aimed at a South-East Asian Ministry of Defense. The malware arrives as an EXE embedded in a Word document; the document uses a remote template and a distinctive macro that issues multiple GET requests, and the payload is side-loaded through load-order hijacking by a legitimate Windows Defender executable. The first stage, disguised as a PNG file, provides only beacon and download capability. Kaspersky's follow-up analysis identified eight campaigns across 2019, with no activity seen before January 2019, and attributes DADJOKE to APT40 with medium confidence.
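Two of the delivery traits above, a remote (external) attached template and an embedded macro project, are visible in the document's OOXML package before anything executes. The following Python triage script is an added example and is not code from Malpedia or from any analysis of DADJOKE; it relies only on the standard OOXML layout (`word/_rels/settings.xml.rels` holding the `attachedTemplate` relationship, `word/vbaProject.bin` holding macros). The sample documents it builds are constructed in memory, and the template URL is a placeholder, not an indicator from this entry.

```python
"""Triage a .docx for a remote attached template and an embedded VBA project.

Added example; the sample packages are constructed here, not real documents.
"""
import io
import zipfile
from typing import Dict, List, Optional
from xml.etree import ElementTree as ET

# Standard OOXML relationship type and namespace for an attached template.
ATTACHED_TEMPLATE_REL = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
SETTINGS_RELS = "word/_rels/settings.xml.rels"
VBA_PROJECT = "word/vbaProject.bin"


def find_remote_templates(docx_bytes: bytes) -> List[str]:
    """Return every external attachedTemplate target found in the package.

    Word fetches the attached template from settings.xml.rels; a remote
    template is one whose relationship carries TargetMode="External".
    """
    targets: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return targets
        root = ET.fromstring(zf.read(SETTINGS_RELS))
        for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
            if (rel.get("Type") == ATTACHED_TEMPLATE_REL
                    and rel.get("TargetMode") == "External"):
                targets.append(rel.get("Target", ""))
    return targets


def has_vba_project(docx_bytes: bytes) -> bool:
    """True if the package carries a VBA macro project part."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return VBA_PROJECT in zf.namelist()


def triage(docx_bytes: bytes) -> Dict[str, object]:
    """Summarise both checks; 'suspicious' is set when either trait is present."""
    remote = find_remote_templates(docx_bytes)
    vba = has_vba_project(docx_bytes)
    return {"remote_templates": remote, "vba_project": vba,
            "suspicious": bool(remote) or vba}


def build_sample_docx(template_target: Optional[str] = None,
                      external: bool = True,
                      with_macro: bool = False) -> bytes:
    """Construct a minimal OOXML package (constructed test data, not a real
    document) with an optional attached-template relationship and macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        rels = [f'<Relationships xmlns="{RELS_NS}">']
        if template_target is not None:
            mode = ' TargetMode="External"' if external else ""
            rels.append(f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE_REL}" '
                        f'Target="{template_target}"{mode}/>')
        rels.append("</Relationships>")
        zf.writestr(SETTINGS_RELS, "".join(rels))
        if with_macro:
            zf.writestr(VBA_PROJECT, b"\x00placeholder-vba-project")
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL, constructed for the example; not an indicator from the entry.
    lure = build_sample_docx("http://template-host.example/normal.dotm", with_macro=True)
    benign = build_sample_docx()
    print(triage(lure))    # remote template + macro -> suspicious
    print(triage(benign))  # nothing found -> not suspicious
```

A locally attached template (no `TargetMode="External"`) is deliberately not flagged, since ordinary corporate documents reference `Normal.dotm` that way; only an external target triggers a fetch at open time, which is the behaviour worth alerting on.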
Source: Malpedia (Fraunhofer FKIE).