Though there has been consistent growth in APT activities from emerging markets, little intelligence is available on them. By tracking 1200+ command-and-control servers, we present our findings in tracking nine actors from India (1), South Africa (1), Nigeria (6), and Indonesia (1): where they are, how they attack, who they target, and who they've compromised. We show how this region is responsible for a majority of banking trojan attacks, and how these actors have changed their strategy since Mar 2015 by abandoning Zeus and adopting new campaign techniques.