📃Title: Nacsa says Health Ministry, other govt agency websites hacked; urges immediate patch to fix vulnerability
📅Date: 2026-06-27
🔗References:

Threat Actor

Mushr00w

🔖Rectifyq Taxonomies:

  • relevancy: 🔴 Highly Relevant
  • category: ⚔Threat
  • sub-category: report
  • sub-category: critical-vuln

🔖MISP Galaxies:

  • target-information=“Malaysia”
  • sector=“Government, Administration”
  • mitre-attack-pattern=[‘T1190’, ‘T1377’, ‘T1100’, ‘T1505.003’, ‘T1491’, ‘T1059.006’]

MISP event uuid: 409f7b4d-207e-4bad-8938-248248604dd4

Indicator of Compromise (IoCs)

type,value,comment
md5, c4ff68b75e77936478c90dcd96881dde, ''
md5, 097a0d1708f3f685978345c9caf57082, ''
md5, b2a4352e0a34f5d642aa9dec4f34c846, 'No sample in VT\r\nLast check:28/06/2026'
md5, 32bea1ef00228d2629374abfdb38dffb, 'No sample in VT\r\nLast check:28/06/2026'
md5, a0dffda5d499410118275d6dfd05c38e, 'No sample in VT\r\nLast check:28/06/2026'
md5, 3e2256077a55584ee23d5aaba1aa23c1, 'No sample in VT\r\nLast check:28/06/2026'
url, https://t.me/Mushr00w, ''
ip-dst, 103.233.161.81, 'moh.gov.my'
hostname, moh.gov.my, ''
ip-dst, 188.119.4.214, ''
ip-dst, 193.200.134.44, 'Malicious Infrastructure / Command and Control (C2'
ip-dst, 20.226.81.217, 'Vulnerability Scanner / Probing Host / Persistent Scout Bot / Active Scanner'
ip-dst, 35.220.187.228, 'IP sekunder yang digunakan oleh penyerang pada sebelah malam untuk mengakses semula webshell dan memuat naik komponen/skrip tambahan ke dalam pelayan (server) - Malicious Proxy'
ip-dst, 188.119.20.75, 'Active Attacker Node'
url, https://t.me/WebshellSR, ''

Full IOCs available in Rectifyq’s MISP