📃Title: RTF template injection sample targeting Malaysia
📅Date: 2022-04-05
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="Malaysia"
  • f3b46834-6ce9-44ef-852d-d7ac61a12920="5ba3a053-9bd8-47da-b837-2aef418a0a42"
  • mitre-attack-pattern=['T1221', 'T1137.001', 'T1547.001']

MISP event uuid: 06c6d7a8-2854-402a-9f01-74715d433ed0

Indicators of Compromise (IoCs)

type,value,comment
md5, d50e5febbbb53fb439df73b976db790c, 'Salwa.dotm; no sample in VT; last check: 09/05/2025'
url, https://mckeaguee.com/salwa.dotm, 'RTF template injection URLs'
url, https://mckeaguee.com/suhaimi.dotm, 'RTF template injection URLs'
url, https://mckeaguee.com/rushidan.dotm, 'RTF template injection URLs'
url, https://mckeaguee.com/hamizan.dotm, 'RTF template injection URLs'
domain, mckeaguee.com, 'RTF communication'
ip-dst, 206.166.251.228, 'RTF communication'
domain, mclartyc.com, 'DLL communication - C2 Server'
ip-dst, 139.177.184.80, 'DLL communication'

Full IOCs available in Rectifyq's MISP