Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16F6286B1A1593BBA412F86C9525AD71F71E5E20DCB9B22103BEC53FC16CEC98BD1508B |
|
CONTENT
ssdeep
|
192:f6PKzNqdpqgwvs/tGktN4zBAVbBNkwHgeJWaSFVU1oYE5+fNdTE5Cfa2rYm7PGEF:f6ggWa4HYjdTYCCuYm2TMz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b130cccccccecd99 |
|
VISUAL
aHash
|
dfc3cfc7cfcfc7df |
|
VISUAL
dHash
|
b29e989c989c9c98 |
|
VISUAL
wHash
|
d8c0ccc4ccc4c0dc |
|
VISUAL
colorHash
|
07202010000 |
|
VISUAL
cropResistant
|
b29e989c989c9c98 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.