Microsoft phish running on thecoriew[.]co

1. Found: 2018-05-02 08:19:46.267000
2. URL: https://thecoriew.co/Onedrve.zip
3. File: thecoriew.co-foo-Onedrve.zip
4. Domain: thecoriew.co
5. Target: Microsoft
6. Name Size Date MD5 Onedrve/Onedrve/.htaccess 8144 2016-06-10 14:45:36 baea64830f96527d3224e0badc6e8bf3
7. File appears in 100 kits
8. Onedrve/Onedrve/Dwn/antibots.txt 1 2018-01-29 20:14:02 c4ca4238a0b923820dcc509a6f75849b
9. File appears in 9 kits and under 2 different file names
10. Onedrve/Onedrve/Dwn/index.php 1181 2018-03-12 18:38:54 dfebed591c4e94ae0e2a0b98d22fd41f
11. Onedrve/Onedrve/index.php 810 2018-03-26 15:02:18 57217162a50f965e3b64b1b7c1164465
12. Onedrve/Onedrve/perceive/index.php 631 2018-03-12 18:38:18 b776bc5b03521a0facdc56477f7bf636
13. Onedrve/Onedrve/perceive/robots.php 10585 2018-03-12 18:52:06 abb817ed409f289373af3940dc793d1d
14. Onedrve/Onedrve/robots.txt 72 2018-02-15 19:37:46 a460f25a9aef1f180492d07cc1ac8c2d
15. Onedrve/Onedrve/syn/.htaccess 8144 2016-06-10 14:45:36 baea64830f96527d3224e0badc6e8bf3
16. File appears in 100 kits
17. Onedrve/Onedrve/syn/360_files/360.png 11213 2018-01-03 10:43:04 5a503bcdf5b2b7fe81b068107052bcc5
18. Onedrve/Onedrve/syn/360_files/w_button.png 749 2018-02-15 15:34:14 23f7d45d4bcf8665b9a64dc31251101a
19. Onedrve/Onedrve/syn/AII.html 2937 2018-03-13 13:06:02 f75f7c73971caeb80b40d3433019fa62
20. Onedrve/Onedrve/syn/aii_files/aii.png 12864 2018-01-04 20:01:28 4d24f951a01ae43a91e0ef58a99e7962
21. Onedrve/Onedrve/syn/css/2018-03-13_1329.png 438448 2018-04-03 09:18:14 da255da76f2968bb6933ed01c009a1f9
22. Onedrve/Onedrve/syn/css/style.css 6879 2018-04-03 09:17:34 88eddf4e448b3101571ddbaecdf32b42
23. Onedrve/Onedrve/syn/geoplugin.class.php 4647 2014-04-25 12:14:28 c8ea1e960b48a620c00bc65d525a721c
24. File appears in 1299 kits and under 3 different file names
25. Onedrve/Onedrve/syn/HML.html 2931 2018-03-13 13:06:22 b62e64f7f28f248e279645ee0429ae22
26. Onedrve/Onedrve/syn/hml_files/hml.png 15510 2018-01-03 10:34:24 d445a9a3fce73a3d531dcb79deb3dcb2
27. Onedrve/Onedrve/syn/img/aol.png 1538 2017-11-27 08:06:38 ea9772b90a517e9c61577bc209ae005e
28. File appears in 25 kits
29. Onedrve/Onedrve/syn/img/favicon.ico 7886 2018-03-13 14:57:48 1195bfe885af7c60b352a3b3bef7e42c
30. File appears in 2 kits
31. Onedrve/Onedrve/syn/img/gmail.png 1840 2017-11-27 08:05:10 b3f46ee52c669c94cc5ec9bcc58589a1
32. File appears in 25 kits
33. Onedrve/Onedrve/syn/img/mail.png 1694 2017-11-27 08:08:36 34c474722fc5046a7f984c307050365d
34. File appears in 26 kits
35. Onedrve/Onedrve/syn/img/office.png 1421 2017-11-27 08:07:20 4dfcf323758894583269dcd89e8e562b
36. File appears in 26 kits
37. Onedrve/Onedrve/syn/img/oneDrive.png 14981 2017-11-27 08:02:24 0687a1330a816d19c12cb00682bfe01d
38. File appears in 25 kits
39. Onedrve/Onedrve/syn/img/outlook.png 2103 2017-11-27 08:06:00 6ec5d7c8db94bfba6272598af602593a
40. File appears in 25 kits
41. Onedrve/Onedrve/syn/img/spinner.gif 30897 2016-09-19 12:19:38 535ed701cbfdd01d2920dad31755c4d1
42. Onedrve/Onedrve/syn/img/yahooMail.png 1997 2017-11-27 08:07:00 e100951d0b2da8bb50259b7e1ceadbe6
43. File appears in 25 kits
44. Onedrve/Onedrve/syn/index.html 3162 2018-04-03 09:33:18 2e610662c4c9dc2ba062ffd21a767074
45. Onedrve/Onedrve/syn/MYM.html 2953 2018-03-13 13:04:40 81c7920f2e651284e4276acb507df213
46. Onedrve/Onedrve/syn/mym_files/mym.png 17625 2018-01-03 08:16:36 5cbf63b85c97e4c9745be5ef69a9a8fa
47. Onedrve/Onedrve/syn/mym_files/m_button.png 1013 2018-02-15 15:28:48 6f732d55dfa94f5ba0e2e30135dc322a
48. Onedrve/Onedrve/syn/ODL.html 3240 2018-03-13 13:04:54 3e52bc19f2887a8f39c4a4561f667605
49. Onedrve/Onedrve/syn/OLK.html 2790 2018-02-15 15:38:32 940faf3c775092c464c3038328a20378
50. Onedrve/Onedrve/syn/one.html 533 2018-03-13 13:36:42 8f3503274eb1c54c5cfc1989cfc6c205
51. Onedrve/Onedrve/syn/ot_files/logo-transparent.png 4713 2018-02-15 16:02:00 ed3debf315969193c39bcf2ffe51d67c
52. Onedrve/Onedrve/syn/robots.txt 154 2018-02-15 19:40:20 ed722df3e7ae1dcaddd489cf2d53b2ea
53. Onedrve/Onedrve/syn/two.php 1951 2018-04-05 05:47:48 a66da0677d9807081fcc151f44e4ee74
54.  
55. 3 Email addresses found:
56. gp_support@geoplugin.com (appears in 1240 kits)
57. cosmor300@gmail.com
58. newsletter@lwf.org
59.  
60.  
61.  
62. https://texasmalwareblog.blogspot.com @phish_total