MICROSOFT phish running on leominstertv[.]tv

1. Found: 2018-01-10 13:15:12.649000
2. URL: http://leominstertv.tv/1dRive1-Drive1.zip
3. File: leominstertv.tv-foo-1dRive1-Drive1.zip
4. Domain: leominstertv.tv
5. Target: MICROSOFT
6. Name Size Date MD5 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/AA1.htm 2315 2017-10-06 17:57:52 db7397e52d06e284c1dcaf143e72c781
7. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/AA1.php 881 2017-10-16 12:31:48 79e877a9a2c58e75a063c3a6aa597763
8. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/aol_files/AA1.png 15956 2017-10-05 09:37:46 f67eb075dec30c0757b70178d7f8cc02
9. File appears in 76 kits and under 4 different file names
10. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/css/style.css 6919 2017-10-05 09:19:20 2b99a0514111df728c87f751d8417b6e
11.  
12. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/g_files/which 2.png 5776 2017-10-05 09:22:48 b67b29fd0babde82586c2dc6375ba888
13. File appears in 6 kits
14. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/g_files/which.PNG 23524 2017-10-05 09:22:52 8444cf8e6be42f69bc4aa6ce763d90bc
15. File appears in 6 kits
16. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/g_files/which1.png 5407 2017-10-05 09:22:56 503665fa9754456aa2cf5e094cc2eaf7
17. File appears in 6 kits
18. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/g_files/which3.png 5462 2017-10-05 09:23:00 d5c47c8381651e27cdfcbd14eacddad8
19. File appears in 6 kits
20. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/GGC.htm 2315 2017-10-06 17:58:24 dff858baf0ae722d23fd18464435dc07
21. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/GGC.php 708 2017-10-16 12:31:24 d5c2c19519a73b0afab1c9a1e135e77a
22. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/GGN.html 1666 2017-10-06 17:53:32 783c9789897b16bb4dabdf5fbcf40089
23. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/GGP.html 2311 2017-10-06 17:59:14 24dc836794ab36b223671b20323c61bd
24. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/gmail_files/GG1.png 28750 2017-10-05 09:24:14 9100850aaf5a709531a5be25384c8419
25. File appears in 46 kits and under 2 different file names
26. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/aol.png 1538 2017-10-05 09:21:08 ea9772b90a517e9c61577bc209ae005e
27.  
28. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/gmail.png 1840 2017-10-05 09:21:12 b3f46ee52c669c94cc5ec9bcc58589a1
29.  
30. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/landing-devices-bg.jpg 199882 2017-10-05 09:20:12 fbeaf13996d872780bda8ca2ad200469
31.  
32. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/mail.png 1694 2017-10-05 09:21:18 34c474722fc5046a7f984c307050365d
33.  
34. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/office.png 1421 2017-10-05 09:21:22 4dfcf323758894583269dcd89e8e562b
35.  
36. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/oneDrive.png 14981 2017-10-05 09:21:26 0687a1330a816d19c12cb00682bfe01d
37.  
38. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/outlook.png 2103 2017-10-05 09:21:30 6ec5d7c8db94bfba6272598af602593a
39.  
40. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/Thumbs.db 4608 2017-10-06 17:42:18 addd754c357a18a5ad4b8e802ad593ff
41. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/images/yahooMail.png 1997 2017-10-05 09:21:34 e100951d0b2da8bb50259b7e1ceadbe6
42.  
43. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/index.html 2995 2017-11-09 05:12:36 4e62e228d59c2c8c22375fcfeeba8927
44. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/live_files/LL1.png 10776 2017-10-05 09:35:00 6b97ed8cb0dcd102216220231f6b82ba
45. File appears in 81 kits and under 7 different file names
46. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/LL1.htm 2547 2017-10-06 17:59:38 5e1e928db1a917240496e67305b6ac09
47. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/LL1.php 711 2017-10-16 12:31:00 d8674f7f88bf5757604b18a36180901d
48. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/OF.htm 2556 2017-10-06 17:59:54 ba1688109aa4dd58cf4158244ecba38a
49. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/OF.php 1129 2017-10-16 12:30:40 a5a0b8d818ad7e365fa6d283e67edef2
50. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/ojomu/OF1.jpg 11286 2017-10-05 09:39:14 910913f953ac7ec23a1746cf90d4e5ad
51. File appears in 46 kits and under 2 different file names
52. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/OT.htm 2799 2017-10-06 18:00:20 e2db1cfccc36d67b4ff51962eea5dbb5
53. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/OT.php 710 2017-11-09 04:34:18 89d4eede5f882289eb4855f2b86c5f8e
54. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/other_files/OT.png 7826 2017-10-05 12:53:42 e433eea50a4fd4f80605216cafc59f7c
55. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/other_files/Thumbs.db 10752 2017-10-05 12:53:42 3b3e5b409d37560b28e1dedcd1610282
56. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/phone.php 1776 2017-11-09 04:18:26 c750d831f8308f9efc55eda283efac64
57. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/verification.php 50078 2017-05-17 13:52:46 73853217c691b5ecd975e8d63cea1723
58. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/YY.html 2111 2017-10-06 18:00:38 75070a643c45fce6dbca54c91ba4649e
59. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/YY1.htm/Thumbs.db 10752 2017-10-05 13:07:08 a1557eb8baa10b829c438954c5a63394
60. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/YY1.htm/YY1.png 12947 2017-10-05 13:07:08 a608a75ecac04f322adf623b1a2382ef
61. 1dRive1-Drive1/1dRive1-Drive1/1dRive-Drive/1dRive/YY1.php 714 2017-11-09 04:33:50 58f5f3189ac60b8adc79fa97687c309f
62.  
63. 2 Email addresses found:
64. iamjohnsonwally@gmail.com
65. wirez@googledocs.org (appears in 116 kits)
66.  
67.  
68.  
69. https://texasmalwareblog.blogspot.com @phish_total