MICROSOFT phish running on teamtechnologyperu[.]com

1. Found: 2018-01-28 15:15:34.019000
2. URL: http://teamtechnologyperu.com/wp-includes/xhp.zip
3. File: teamtechnologyperu.com-wp-includes-xhp.zip
4. Domain: teamtechnologyperu.com
5. Target: MICROSOFT
6. Name Size Date MD5 xhp/officiar/adhoc/cofiguare/incorrect.php 44546 2018-01-09 10:16:28 fde877fcb52b992434582bf9f5a66021
7. xhp/officiar/adhoc/cofiguare/index.php 40412 2017-06-22 11:36:38 d21cc0a5685176db2bc8939623e3603c
8. xhp/officiar/adhoc/cofiguare/secondpageloader.gif 5601 2017-06-22 10:10:32 f94d045802343974442538d9fc35f37d
9. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/aad.js 167628 2016-09-06 17:09:40 c50aabf94f3a014af12c196b4f5538cb
10. File appears in 8 kits and under 2 different file names
11. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/bannerlogo.png 4585 2016-09-06 17:09:40 9f09a27d4f69b3557c7433574a29d726
12. File appears in 81 kits and under 4 different file names
13. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/heroillustration.jpg 203294 2016-09-06 17:09:40 65283b123eb235e6176ae98c02ac5b1c
14. File appears in 154 kits and under 4 different file names
15. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/jquery.js 109078 2016-09-06 17:09:40 f274d523a09ce908f4bd2bd2fdb0e7cb
16. File appears in 20 kits and under 3 different file names
17. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/login.css 21664 2016-09-06 17:09:40 aa60dd57b752f9c4ba945e4f8718552a
18. File appears in 9 kits and under 2 different file names
19. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/login_hover.css 89 2016-09-06 17:09:40 2c957834356b9ca6570167adec33573f
20. File appears in 32 kits and under 2 different file names
21. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/microsoft_logo.png 1040 2016-09-06 17:09:40 e4b675007dc6492ee590131d1f7dfbb3
22. File appears in 50 kits and under 2 different file names
23. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch.htm 3325 2016-09-06 17:09:40 3db3f558c29763df615a1ede472992a4
24. File appears in 5 kits
25. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/boot.css 182391 2016-09-06 17:09:40 b139499248bd2fb2a99ff1436dd0ecd1
26. File appears in 5 kits
27. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/boot.js 624440 2016-09-06 17:09:40 8974e7be8f47f5fc026557ada72297dd
28. File appears in 5 kits
29. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/boot_002.js 624182 2016-09-06 17:09:40 294fec24d190c065cb9cf17e2e926ff5
30. File appears in 5 kits
31. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/boot_003.js 622132 2016-09-06 17:09:40 ac535e9d7352cabb642e7cb5c180a822
32. File appears in 5 kits
33. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/boot_004.js 623111 2016-09-06 17:09:40 abf6b0ab0dc9ac32471c461beaa472ed
34. File appears in 5 kits
35. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/sprite1.css 7584 2016-09-06 17:09:40 0346d135171f20a65334f60ab90ae884
36. File appears in 29 kits and under 3 different file names
37. xhp/officiar/adhoc/cofiguare/Sign in to your account_files/prefetch_data/sprite1.png 16967 2016-09-06 17:09:40 934d28f5d1967abbde9663d01344bf24
38. File appears in 29 kits and under 3 different file names
39. xhp/officiar/adhoc/cofiguare/successful.php 4703 2018-01-09 10:17:24 4c63544caa0c3f3e08a1ef9f150ec396
40.  
41. 6 Email addresses found:
42. textofficeplus@gmail.com
43. someone@contoso.com (appears in 10 kits)
44. someone@contoso.onmicrosoft.com (appears in 10 kits)
45. someone@example.com (appears in 68 kits)
46. someone@example.onmicrosoft.com (appears in 15 kits)
47. 'someone@example.com (appears in 10 kits)
48.  
49.  
50.  
51. https://texasmalwareblog.blogspot.com @phish_total