{
  "Event": {
    "analysis": "1",
    "date": "2026-03-15",
    "extends_uuid": "",
    "info": "[Threat Intel][PhishHuntMY] QRaya: A Quishing Campaign Targeting TNG eWallet Users During Ramadhan 2026",
    "protected": false,
    "publish_timestamp": "1774219650",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1774219650",
    "uuid": "a0e17fad-45e1-4ab2-9704-ffed51520720",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Portal Capture - T1056.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773742490",
        "to_ids": false,
        "type": "link",
        "uuid": "9856bc7c-dddc-4b46-bcdd-73b0b7026d51",
        "value": "https://www.linkedin.com/posts/syazwanisubri_phishhuntmy-phishhuntmy-quishing-activity-7438584878696325120-YoYN"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773742490",
        "to_ids": false,
        "type": "link",
        "uuid": "c952f7c0-4d44-40af-8276-56bcccf85ca8",
        "value": "https://github.com/Syazwani-s246/phish-hunt-my-2026"
      },
      {
        "category": "Network activity",
        "comment": "t.ly short link; the path imitates a TNG OAuth URL under cdn.tngdigital.com.my (the actual host is t.ly), Indonesian-language strings",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751495",
        "to_ids": true,
        "type": "url",
        "uuid": "1296f117-6577-4a3a-ac3d-41f3f7399eec",
        "value": "https://t.ly/cdn.tngdigital.com.my/s/oauth2/berbagirezki/",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Direct phishing domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751516",
        "to_ids": true,
        "type": "url",
        "uuid": "4c04caed-25ac-459e-85dd-42d78dc56a40",
        "value": "https://myportalregistration.com/claim-segera",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Direct phishing domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751538",
        "to_ids": true,
        "type": "url",
        "uuid": "2b57853b-6dfb-4341-8ce4-f03aefe00f03",
        "value": "https://tngduitraya.gbdjw.my/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "t.ly short link redirecting to a phishing domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751560",
        "to_ids": true,
        "type": "url",
        "uuid": "7d68b07c-9dd5-43a5-89e4-2fd99fc5e42a",
        "value": "https://t.ly/Claim11-money-pocket.com?r=qr",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Typosquats TNG CDN domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751582",
        "to_ids": true,
        "type": "url",
        "uuid": "d433bd4f-7fcb-43ef-b6e7-cb03276a90f5",
        "value": "https://cdntng.sit-e.com/daftar/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Malay-language targeting",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751603",
        "to_ids": true,
        "type": "url",
        "uuid": "b8e88852-dee7-4a04-8749-f8291eb9aaa1",
        "value": "https://bantuan-tng.inst-my.online/in",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Typosquats cdn.tngdigital.com.my",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751625",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9d564e34-3df3-4085-bcf9-8382ddc002f7",
        "value": "cdn-tngdigital9.my-regist.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Fortinet flagged: Phishing",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751646",
        "to_ids": true,
        "type": "url",
        "uuid": "3a1180d1-85fa-475f-9fe8-134b6776a31f",
        "value": "https://shrturl.dev",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Credential harvester behind Cloudflare; domain about 3 months old",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751667",
        "to_ids": true,
        "type": "url",
        "uuid": "d7661c23-ffa5-486f-a599-e3c21282e6bc",
        "value": "https://cq7zc1x.clxz-hv.xyz",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "secondary campaign, Bantuan Aidilfitri RM750",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751688",
        "to_ids": true,
        "type": "hostname",
        "uuid": "51219d21-f823-4c48-bb89-8fbff1651d5e",
        "value": "register-now-7528.vercel.app",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751709",
        "to_ids": true,
        "type": "url",
        "uuid": "90ccc91f-2ff7-407e-8807-c94ea743d0cb",
        "value": "myportalregistration.com/claim-segera",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751730",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9c104020-4083-4318-86ac-97ad02922d6d",
        "value": "tngduitraya.gbdjw.my",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751752",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7ce31298-0d5c-4920-a788-d985923bd7b9",
        "value": "cdntng.sit-e.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
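        "comment": "Hostname that the typosquat entries in this event imitate and that appears as a path string in the t.ly lure URLs; possibly the legitimate TNG CDN host - verify before using it for detection or blocking",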
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751773",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9fc7d33b-5a05-4968-9190-7fe9caf01262",
        "value": "cdn.tngdigital.com.my",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751794",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f99f14ed-16ae-4317-9150-da7b8482a403",
        "value": "bantuan-tng.inst-my.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773742697",
        "to_ids": false,
        "type": "link",
        "uuid": "26e46dfb-b07e-4e89-b80b-14a8d38a6887",
        "value": "https://www.virustotal.com/gui/collection/7d38c7c478078131663e9928cc5b5ac8f01c87a7ddb5882e9f8508c52ff5f8e8"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751815",
        "to_ids": true,
        "type": "url",
        "uuid": "ca87c905-d1fc-4a3f-af0c-746409323060",
        "value": "https://t.ly/cdn.tngdigital.com.my/s/oauth2/berbagirezki/bulansuciramadhan/penuhberkah/moneypacket/1234567890/234567876543234567887654345678765432345678987654323456788765432345677654334567887654234567?r=qr",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751837",
        "to_ids": true,
        "type": "url",
        "uuid": "c6d46c2c-dab8-4b3a-ab3e-fa675dad0891",
        "value": "https://t.ly/cdn.tngdigital.com.my/s/oauth2/berbagirezki/bulansuciramadhan/penuhberkah/moneypacket/1234567890/123456787654323456788765432345678876543234567887654323456789876543256787654328765387643876?r=qr",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773751858",
        "to_ids": true,
        "type": "url",
        "uuid": "54518749-72cd-440a-9e0d-9bfcdd042752",
        "value": "https://t.ly/cdn.tngdigital.com.my/s/oauth2/berbagirezki/bulansuciramadhan/penuhberkah/moneypacket/1234567890/234567898765432124567887654321234567898765432345678987654323456789876543234567898765432456?r=qr",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}