Donot (APT-C-35), named and tracked by PatchSky TIC, is an attack group that mainly targets countries such as Pakistan in South Asia. This APT group usually carries out target attacks against government agencies to steal sensitive information. In addition to spreading malware via spear fishing email with Office attachment containing either vulnerability or malicious macro, this group is particularly good at leveraging malicious Android APKs in the target attacks.

https://ti.360.net/blog/articles/stealjob-new-android-malware-used-by-donot-apt-group-en/