PAYPAL phish running on mbi[.]ac[.]ug

1. Found: 2018-08-06 07:15:10.398000
2. URL: https://mbi.ac.ug/sly.zip
3. File: mbi.ac.ug-foo-sly.zip
4. Domain: mbi.ac.ug
5. Target: PAYPAL
6. Name Size Date MD5 sly/logs/.DS_Store 6148 2018-07-11 10:33:12 6a1b49dba94640d3ca5d0b5075f38406
7.  
8. sly/logs/.htaccess 6301 2018-07-11 10:33:10 577e5021372dd3033eb9e9565b885c02
9. File appears in 32 kits
10. sly/logs/blocker.php 2644 2018-07-11 10:33:10 5aa3f3f406ced12d0bc7742e77b01781
11. File appears in 281 kits and under 5 different file names
12. sly/logs/forward.php 129 2018-07-25 08:27:36 796b6a265b56dbd6849e4f36502eae7f
13. sly/logs/index.php 2743 2018-07-11 10:33:10 2d20a1e28b742f2e4cbc78fcfed07159
14.  
15. sly/logs/robots.txt 26 2018-07-11 10:33:10 bbbcde0b15cabd06aace1df82d335978
16. File appears in 155 kits and under 2 different file names
17. sly/logs/source/.htaccess 6301 2018-07-11 10:33:10 577e5021372dd3033eb9e9565b885c02
18. File appears in 32 kits
19. sly/logs/source/blocker.php 2644 2018-07-11 10:33:10 5aa3f3f406ced12d0bc7742e77b01781
20. File appears in 281 kits and under 5 different file names
21. sly/logs/source/connectID.php 4257 2018-07-11 10:33:10 e763cfe66d6e42d63258c3537b900e10
22.  
23. sly/logs/source/connectIDX.php 4231 2018-07-11 10:33:10 3bad187e5addae4a88ace3bf4175ece8
24.  
25. sly/logs/source/files/0.jpg 298105 2018-07-11 10:33:10 f5a9a9531b8f4bcc86eabb19472d15d5
26. File appears in 7 kits
27. sly/logs/source/files/0-small.jpg 1029 2018-07-11 10:33:10 12f4b8b543125cc986c79cd85320812f
28. File appears in 2 kits
29. sly/logs/source/files/bannerlogo 4585 2018-07-11 10:33:10 9f09a27d4f69b3557c7433574a29d726
30. File appears in 133 kits and under 5 different file names
31. sly/logs/source/files/converged.login.min.css 86425 2018-07-11 10:33:12 041294f2364ba96d1008aff40415ada5
32.  
33. sly/logs/source/files/favicon_a.ico 17174 2018-07-11 10:33:12 12e3dac858061d088023b2bd48e2fa96
34. File appears in 379 kits and under 10 different file names
35. sly/logs/source/files/microsoft_logo.png 1057 2018-07-11 10:33:12 ed9c9eb0dce17d752bedea6b5acda6d9
36. File appears in 5 kits and under 2 different file names
37. sly/logs/source/files/microsoft_logo.svg 3651 2018-07-11 10:33:12 ee5c8d9fb6248c938fd0dc19370e90bd
38. File appears in 33 kits and under 2 different file names
39. sly/logs/source/files/picker_account_aad.svg 756 2018-07-11 10:33:12 9de70d1c5191d1852a0d5aac28b44a6c
40. File appears in 7 kits and under 2 different file names
41. sly/logs/source/index.php 1209 2018-07-11 10:33:10 320edd58d1f52df2d8011557177db1c1
42.  
43. sly/logs/source/login.php 24690 2018-07-11 10:33:10 2918a0efb595ab16e2f542a1e908b237
44.  
45. sly/logs/source/office.php 24964 2018-07-11 10:33:10 fcb5c93a338c5aaf50817cab831b6e10
46.  
47. sly/logs/source/robots.txt 26 2018-07-11 10:33:10 bbbcde0b15cabd06aace1df82d335978
48. File appears in 155 kits and under 2 different file names
49. sly/logs/source/wrong_pass.php 25090 2018-07-11 10:33:10 470a33369b0f1da26b819f54e9ccf4ae
50.  
51.  
52. 1 Email addresses found:
53. norsesylvester@gmail.com
54.  
55.  
56.  
57. https://texasmalwareblog.blogspot.com @phish_total