2026-03-13 PhishHuntMY] TNG eWallet Quishing Campaign| Threat Intelligence Malaysia

📃Title: PhishHuntMY] TNG eWallet Quishing Campaign
📅Date: 2026-03-13
🔗References:

https://remarkable-xenon-ff5.notion.site/TNG-eWallet-Quishing-Campaign-31ea6f58415f80cc8e2dd5cee0c56826

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
sub-category: campaign-analysis
target: broad-based
MY-relevancy: relevant

🔖MISP Galaxies:

target-information=“Malaysia”
mitre-attack-pattern=[]

MISP event uuid: 16aad763-2989-4fd3-b6cd-8ceb09e2ef6b

Indicator of Compromise (IoCs)

type,value,comment
url, https://bantuan.tng-gov-my.online/aply, ''
url, https://tng-wallet-qr.ty-fli.com/6/, ''
url, https://ewallet.tng-qr.it.com/2/, ''
domain, tng-gov-my.online, ''
domain, ty-fli.com, ''
hostname, tng-qr.it.com, ''
hostname, bantuan.tng-gov-my.online, ''
hostname, tng-wallet-qr.ty-fli.com, ''
hostname, ewallet.tng-qr.it.com, ''
ip-dst, 172.67.217.169, ''
ip-dst, 104.21.62.10, ''
ip-dst, 104.21.50.106, ''
ip-dst, 172.67.204.240, ''
ip-dst, 104.21.37.23, ''
ip-dst, 172.67.203.71, ''
ip-dst, 2606:4700:3037::ac43:d9a9, ''
ip-dst, 2606:4700:3036::6815:3e0a, ''
ip-dst, 2606:4700:3030::ac43:ccf0, ''
ip-dst, 2606:4700:3033::6815:326a, ''
ip-dst, 2606:4700:3032::ac43:cb47, ''
ip-dst, 2606:4700:3032::6815:2517, ''

Full IOCs available in Rectifyq’s MISP

Rectifyq

Explorer

2026-03-13 PhishHuntMY] TNG eWallet Quishing Campaign

Indicator of Compromise (IoCs)

🔴 Latest Relevant 🇲🇾 Threat Articles

2026-04-30 Inside Shadow-Earth-053 A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

2026-04-29 Phoenix Rising Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns

2026-04-21 GhostCargo, a 5-years campaign

Graph View