Donot Team, or DOTA as the group is sometimes known, is a threat actor targeting government and military entities in Pakistan and Afghanistan. ESET security researchers have monitored several campaigns that utilized the group's signature, dating back to 2013.

The most recent DonotTeam campaigns seen used the following malware family: CTB-Locker; Trojan-Ransom.AndroidOS.FakeInstal; Trojan-Ransom.AndroidOS.Unlosable. In addition to targeting Pakistan and Afghanistan, Donot Team has also targeted India, Ecuador, Indonesia and Thailand.

The actor commonly spearphishes its targets and uses several social engineering tricks to fool its victims into believing the messages are from a legitimate source.

In order to ensure that their targets open the spearphishing email when the time comes, Donot Team frequently impersonates entities that are relevant to their target nation's politics or military affairs. In these spearphishing attempts they often launch personalized attacks with accurate information about the target.

‍

Source: DoNot Go! Do not respawn! - AlienVault - Open Threat Exchange