After analyzing an APT1 malware sample, we can discover some typical activities performed by the malware. We learned how to create a rule based on the Yara signature to detect the presence of APT1 malware. Of course, this cannot be done without the help of Volatility in memory forensics. A strong knowledge in memory forensic is needed while performing analysis in APT1 malware sample is needed, because they can easily fool us with unexpected conditions. That is when experience comes in handy; so keep learning from new and old malware and always share your findings on the Internet so that others can learn from it, especially right now during the time of the rise of document-based malware, and when we are on the losing side in the war against ...