
Genesis of Cyber Threats: Towards Malware-based Advanced Persistent Threat (APT) Attribution


Abstract:

Advanced Persistent Threat (APT) attribution is a critical task, essential for defensive measures, for guiding policy decisions, and for improving cyber resilience. This research aims to establish a credible connection between APT-related malware and the threat groups most likely to have originated it. Such malware is usually developed by threat actors who meticulously orchestrate techniques to achieve their objectives. Analyzing these tailored samples reveals a threat group’s strategic intent, preferred attack vectors, and modus operandi, providing clues about the responsible group. In this study, we conduct experiments to analyze operational behaviours captured from malicious samples, uncovering unique patterns that align with the attack methods of various persistent threat groups. The captured operational behaviours comprise the modus operandi, expressed as MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), together with the binary’s linker timestamp. Among the experiments conducted, the presented method achieves a highest precision of 80.84% in linking a given sample to its corresponding threat group, demonstrating the feasibility of uncovering associated threat groups from malicious binaries.
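The abstract names two signal classes, ATT&CK technique IDs observed in a sample and the PE linker timestamp, and reports precision for linking samples to groups. The following is an added, self-contained illustration of that kind of pipeline, not the paper’s code, data or scoring method: it reads the `TimeDateStamp` field from a constructed minimal PE header, scores a sample against per-group profiles with Jaccard similarity over technique sets plus a small build-hour bonus, abstains below a threshold, and computes precision over the attributed samples only. The group names (`G_A`, `G_B`), technique sets, timestamps, weights and threshold are all assumptions made up for the example.

```python
"""Added example: toy malware-to-group attribution from ATT&CK technique sets
plus the PE linker timestamp. All groups, technique sets, timestamps and
weights below are constructed for illustration; this is not the paper's
method or data."""
import struct
from datetime import datetime, timezone


def build_fake_pe(timestamp: int) -> bytes:
    """Constructed test input: a 64-byte MZ stub whose e_lfanew (offset 0x3C)
    points at 'PE\\0\\0' followed by a 20-byte COFF file header."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew: PE sig right after stub
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def linker_timestamp(pe: bytes) -> datetime:
    """Read IMAGE_FILE_HEADER.TimeDateStamp (seconds since 1970-01-01 UTC).
    Caveat: the field is attacker-controllable (zeroed, forged, or replaced by a
    hash in reproducible builds), so treat it as weak corroborating evidence."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (ts,) = struct.unpack_from("<I", pe, e_lfanew + 8)  # COFF at +4, TimeDateStamp at +4 within it
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def utc(y, m, d, h):
    return int(datetime(y, m, d, h, tzinfo=timezone.utc).timestamp())


# Constructed labelled corpus: (group, technique IDs seen in sandbox, linker timestamp)
TRAINING = [
    ("G_A", {"T1566.001", "T1059.001", "T1055", "T1071.001"}, utc(2020, 6, 1, 2)),
    ("G_A", {"T1566.001", "T1059.001", "T1547.001", "T1071.001"}, utc(2020, 8, 14, 3)),
    ("G_B", {"T1190", "T1505.003", "T1003.001", "T1021.002"}, utc(2021, 2, 10, 9)),
    ("G_B", {"T1190", "T1505.003", "T1078", "T1021.002"}, utc(2021, 3, 22, 10)),
]


def build_profiles(corpus):
    """Per group: the technique sets of its known samples and the UTC build hours seen."""
    profiles = {}
    for group, ttps, ts in corpus:
        prof = profiles.setdefault(group, {"ttps": [], "hours": set()})
        prof["ttps"].append(frozenset(ttps))
        prof["hours"].add(linker_timestamp(build_fake_pe(ts)).hour)
    return profiles


def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def attribute(ttps, pe, profiles, threshold=0.3):
    """Score = best Jaccard against the group's known samples, plus a small bonus
    when the build hour matches hours previously seen for that group.
    Returns (group, score), or (None, score) when nothing clears the threshold,
    so the caller abstains instead of forcing a low-confidence attribution."""
    hour = linker_timestamp(pe).hour
    best_group, best_score = None, 0.0
    for group, prof in profiles.items():
        score = max(jaccard(frozenset(ttps), known) for known in prof["ttps"])
        if hour in prof["hours"]:
            score += 0.1  # timestamp is weak evidence; weight it lightly
        if score > best_score:
            best_group, best_score = group, score
    return (best_group if best_score >= threshold else None), round(best_score, 3)


def precision(predictions, truth):
    """Precision over attributed samples only; abstentions are not counted as wrong."""
    attributed = [(p, t) for p, t in zip(predictions, truth) if p is not None]
    return sum(p == t for p, t in attributed) / len(attributed) if attributed else 0.0


# Constructed held-out samples; the last one carries unseen tradecraft and should abstain
HELDOUT = [
    ("G_A", {"T1566.001", "T1059.001", "T1055", "T1027"}, utc(2020, 9, 3, 2)),
    ("G_B", {"T1190", "T1505.003", "T1003.001", "T1570"}, utc(2021, 5, 5, 9)),
    ("G_B", {"T1566.002", "T1204.002"}, utc(2021, 5, 6, 14)),
]


def run():
    profiles = build_profiles(TRAINING)
    preds = [attribute(ttps, build_fake_pe(ts), profiles)[0] for _, ttps, ts in HELDOUT]
    return preds, precision(preds, [g for g, _, _ in HELDOUT])


if __name__ == "__main__":
    print(run())
```

Abstaining is what keeps a precision figure honest: a classifier forced to name a group for every sample will report worse precision than one that declines when neither the TTP overlap nor the build-time pattern supports a link, and a real evaluation should report the abstention rate alongside precision.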
Date of Conference: 28-31 October 2024
Date Added to IEEE Xplore: 16 January 2025
Conference Location: Washington, DC, USA
