{
  "Event": {
    "analysis": "1",
    "date": "2026-02-28",
    "extends_uuid": "",
    "info": "[Threat Intel] Analysis of the \u201cKongsi Rezeki\u201d on Threads social media QR-phishing campaign",
    "protected": false,
    "publish_timestamp": "1780042195",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1772902089",
    "uuid": "0b6037c8-d75d-4ba2-a378-7e0a2757a051",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Access Removal - T1531\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1588.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#82eae0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Factor Authentication Interception - T1111\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#db2044",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1598.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772286796",
        "to_ids": false,
        "type": "link",
        "uuid": "8110bb85-bd36-4fdf-9211-5d5618c7def6",
        "value": "https://www.notion.so/3ch0/Analysis-of-the-Kongsi-Rezeki-on-Threads-social-media-QR-phishing-campaign-314d05a447d5809abc48e44233792978"
      },
      {
        "category": "Network activity",
        "comment": "Landing page after QR scan.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772328091",
        "to_ids": true,
        "type": "url",
        "uuid": "7d309d6e-755e-448e-bb17-113bb60a3574",
        "value": "https://tngduitraya14.gbdjw.my/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Data collection page.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772328120",
        "to_ids": true,
        "type": "url",
        "uuid": "06c05941-9978-4598-a8e0-d0dced7f2bd8",
        "value": "https://tngduitraya14.gbdjw.my/go/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 server for data exfiltration.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772328133",
        "to_ids": true,
        "type": "url",
        "uuid": "676c57d7-1588-48a4-8252-3e95a7e454b0",
        "value": "https://tngduitraya14.gbdjw.my/API/index.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Malicious domain.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772289432",
        "to_ids": true,
        "type": "domain",
        "uuid": "7157ddd2-9888-4bcb-bf4b-78745b31f47f",
        "value": "gbdjw.my",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772289453",
        "to_ids": true,
        "type": "hostname",
        "uuid": "475327ca-6883-4de6-95f8-c8227745bcff",
        "value": "money.gbdjw.my",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772289475",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1d72b710-bbc2-46c9-a915-c55d291f85b3",
        "value": "tngduitraya.gbdjw.my",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772328150",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ff106e79-a986-49ed-bdf4-9d0cd7d3de9a",
        "value": "moneypocket.gbdjw.my",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}