📃Title: Smishing targeting TouchNGo E-Wallet Users
📅Date: 2025-11-10
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- target-information="Malaysia"
- financial-fraud="Fake Website"
- financial-fraud="Smishing"
- mitre-attack-pattern=['T1660', 'T1512']
MISP event uuid: e5bcd8f5-7574-4104-85b2-14a915b2a121
Indicators of Compromise (IoCs)
Full IoCs are available in Rectifyq's MISP.