📃Title: RTF template injection sample targeting Malaysia
📅Date: 2022-04-05
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="Malaysia"
  • f3b46834-6ce9-44ef-852d-d7ac61a12920="5ba3a053-9bd8-47da-b837-2aef418a0a42"
  • mitre-attack-pattern=['T1221', 'T1137.001', 'T1547.001']

MISP event uuid: 06c6d7a8-2854-402a-9f01-74715d433ed0

Indicators of Compromise (IoCs)

type,value,comment
md5, bc3102871cff7431440dbee8d7f1ae55, 'Training Schedule Year 2022.doc'
md5, 99f02db0641f2bb5680fdd08e59dd2e0, 'CSM-ACE_Delegates_Kit.doc'
md5, aac4b8e7e637c5b73e0801bc113ec0aa, 'CSM 2022.doc'
md5, 44f989a9dd3958611189eaca5b32444d, 'CSM-ACE Delegates Kit.doc'
md5, 3890c7037e01edf40ce6700491a49dd3, 'Training'
md5, 4ce106b72de51c55781d6d55e758a636, 'GoogleServices.dll'
md5, 9f5f2f0fb0a7f5aa9f16b9a7b6dad89f, 'GoogleDesktop.exe'
md5, d50e5febbbb53fb439df73b976db790c, 'Salwa.dotm (no sample in VT; last check: 09/05/2025)'
url, https://mckeaguee.com/salwa.dotm, 'RTF template injection URLs'
url, https://mckeaguee.com/suhaimi.dotm, 'RTF template injection URLs'
url, https://mckeaguee.com/rushidan.dotm, 'RTF template injection URLs'
url, https://mckeaguee.com/hamizan.dotm, 'RTF template injection URLs'
domain, mckeaguee.com, 'RTF communication'
ip-dst, 206.166.251.228, 'RTF communication'
domain, mclartyc.com, 'DLL communication - C2 Server'
ip-dst, 139.177.184.80, 'DLL communication'

Full IOCs available in Rectifyq’s MISP