MICROSOFT phish running on analyticalsolutions[.]biz

1. Found: 2017-12-19 08:12:32
2. URL: http://www.analyticalsolutions.biz/links/data/office35frdre/index.php.php
3. File: office35frdre-www.analyticalsolutions.biz.zip
4. Domain: analyticalsolutions.biz
5. Target: MICROSOFT
6. Name Size Date MD5 office35frdre/incorrect.php 44503 2017-12-07 18:11:08 470ca76bc399a0d4f119bb00cfbde534
7. office35frdre/index.php.php 41021 2017-10-02 15:16:48 1e850ba41a1342c5f16adaec6ff49c90
8. office35frdre/not.htm 41779 2017-10-02 15:16:48 7c4b1426615f01a4039885fa1685e959
9. File appears in 2 kits
10. office35frdre/Sign in to your account_files/aad.js 167628 2017-10-02 15:16:50 c50aabf94f3a014af12c196b4f5538cb
11. File appears in 3 kits and under 2 different file names
12. office35frdre/Sign in to your account_files/bannerlogo.png 4585 2017-10-02 15:16:50 9f09a27d4f69b3557c7433574a29d726
13. File appears in 57 kits and under 4 different file names
14. office35frdre/Sign in to your account_files/heroillustration.jpg 203294 2017-10-02 15:16:50 65283b123eb235e6176ae98c02ac5b1c
15. File appears in 126 kits and under 4 different file names
16. office35frdre/Sign in to your account_files/jquery.js 109078 2017-10-02 15:16:50 f274d523a09ce908f4bd2bd2fdb0e7cb
17. File appears in 11 kits and under 3 different file names
18. office35frdre/Sign in to your account_files/login.css 21664 2017-10-02 15:16:50 aa60dd57b752f9c4ba945e4f8718552a
19. File appears in 3 kits and under 2 different file names
20. office35frdre/Sign in to your account_files/login_hover.css 89 2017-10-02 15:16:50 2c957834356b9ca6570167adec33573f
21. File appears in 19 kits and under 2 different file names
22. office35frdre/Sign in to your account_files/microsoft_logo.png 1040 2017-10-02 15:16:50 e4b675007dc6492ee590131d1f7dfbb3
23. File appears in 33 kits and under 2 different file names
24. office35frdre/Sign in to your account_files/prefetch.htm 3325 2017-10-02 15:16:50 3db3f558c29763df615a1ede472992a4
25. File appears in 2 kits
26. office35frdre/Sign in to your account_files/prefetch_data/boot.css 182391 2017-10-02 15:16:50 b139499248bd2fb2a99ff1436dd0ecd1
27. File appears in 2 kits
28. office35frdre/Sign in to your account_files/prefetch_data/boot.js 624440 2017-10-02 15:16:54 8974e7be8f47f5fc026557ada72297dd
29. File appears in 2 kits
30. office35frdre/Sign in to your account_files/prefetch_data/boot_002.js 624182 2017-10-02 15:16:56 294fec24d190c065cb9cf17e2e926ff5
31. File appears in 2 kits
32. office35frdre/Sign in to your account_files/prefetch_data/boot_003.js 622132 2017-10-02 15:16:58 ac535e9d7352cabb642e7cb5c180a822
33. File appears in 2 kits
34. office35frdre/Sign in to your account_files/prefetch_data/boot_004.js 623111 2017-10-02 15:17:00 abf6b0ab0dc9ac32471c461beaa472ed
35. File appears in 2 kits
36. office35frdre/Sign in to your account_files/prefetch_data/sprite1.css 7584 2017-10-02 15:17:00 0346d135171f20a65334f60ab90ae884
37. File appears in 25 kits and under 3 different file names
38. office35frdre/Sign in to your account_files/prefetch_data/sprite1.png 16967 2017-10-02 15:17:00 934d28f5d1967abbde9663d01344bf24
39. File appears in 25 kits and under 3 different file names
40. office35frdre/successful.php 4782 2017-12-07 18:09:48 4fc50bf58e4ff97d7b893755e2283593
41.  
42. 6 Email addresses found:
43. uk365outlookzceo@gmail.com
44. someone@contoso.com (appears in 6 kits)
45. someone@contoso.onmicrosoft.com (appears in 6 kits)
46. someone@example.com (appears in 56 kits)
47. someone@example.onmicrosoft.com (appears in 7 kits)
48. 'someone@example.com (appears in 6 kits)
49.  
50.  
51.  
52. https://texasmalwareblog.blogspot.com @phish_total