Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16C234A726332B4B843DB91EEA7382E55B2C2989DF8CB4554F5C55ACD23C3C806297BB4 |
|
CONTENT
ssdeep
|
768:aF+EsZx8/G8gC47DawRMhB2mwvMhB2fwZCN2/y9dGDTDiJE56ITmH+LCBlvNPqDN:aF+EsZ/8gV7DawRMhB2mwvMhB2fwcN2p |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ea7a9aca6c689a92 |
|
VISUAL
aHash
|
bde7c3c3c3e7e7ff |
|
VISUAL
dHash
|
71490f17174d0d01 |
|
VISUAL
wHash
|
8de7c1c1c1c1e781 |
|
VISUAL
colorHash
|
07006000080 |
|
VISUAL
cropResistant
|
71490f17174d0d01 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.