📃Title: [PhishHuntMY] QRaya: A Quishing Campaign Targeting TNG eWallet Users During Ramadhan 2026
📅Date: 2026-03-15
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="Malaysia"
  • mitre-attack-pattern=['T1041', 'T1566', 'T1566.002', 'T1056.003']

MISP event uuid: a0e17fad-45e1-4ab2-9704-ffed51520720

Indicators of Compromise (IoCs)

type,value,comment
url, https://t.ly/cdn.tngdigital.com.my/s/oauth2/berbagirezki/, 'Fake TNG OAuth path, Indonesian-language strings'
url, https://myportalregistration.com/claim-segera, 'Direct phishing domain'
url, https://tngduitraya.gbdjw.my/, 'Direct phishing domain'
url, https://t.ly/Claim11-money-pocket.com?r=qr, 't.ly shortener to phishing domain'
url, https://cdntng.sit-e.com/daftar/, 'Typosquats TNG CDN domain'
url, https://bantuan-tng.inst-my.online/in, 'Malay-language targeting'
hostname, cdn-tngdigital9.my-regist.com, 'Typosquats cdn.tngdigital.com.my'
url, https://shrturl.dev, 'Fortinet flagged: Phishing'
url, https://cq7zc1x.clxz-hv.xyz, 'Cloudflare-protected credential harvester, ~3mo old domain'
hostname, register-now-7528.vercel.app, 'secondary campaign, Bantuan Aidilfitri RM750'

Full IoCs are available in Rectifyq's MISP.