Traditional malicious code identification software relies primarily on the static signature of the program, and matches malicious samples to specific signatures by mapping files. At present, the traceability of APT attack organizations mainly relies on manual analysis of samples, and there are difficulties such as insufficient automatic analysis and difficulty in accurate traceability through a single feature. In order to solve the above problems, this paper proposes the traceability method of APT malicious sample organization based on text Transformer model. Six tissue samples headed by APT-28 reached 93.24% of classified accuracy, which can effectively respond to the security threat of APT attacks. The text feature extraction structure of this method fuses the convolutional structure and the Transformer model, which can be flexible to deal with various malicious code sequence lengths. Compared with other malicious code classification methods based on text sequences, the accuracy of this model is improved by 1.5%.