Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C9F285B2B158B137027BC3D2B225D3AB72F59209C957032066FCC3AC9BD7E59ED1A245 |
|
CONTENT
ssdeep
|
384:rJCqqXqhuII/e9eRd4k0Sdc8ZQzxpdHLs2OivSaNCE5MlGXfOnew4B5HGSVGevxL:rJCqqXqhuIIX87vmlGPeebXT5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c9693346634379d |
|
VISUAL
aHash
|
063c181018181838 |
|
VISUAL
dHash
|
d47130b43232b2f0 |
|
VISUAL
wHash
|
ff3c3c1c18181c7e |
|
VISUAL
colorHash
|
38008000c00 |
|
VISUAL
cropResistant
|
d47130b43232b2f0 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.