Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1087204A09514281F7A038DE67DD2BB0DAA92C325E90302D4B7595DCE0FCFDB4D16EB91 |
|
CONTENT
ssdeep
|
192:FcKYhEfbz2fVwksfR6CL9O0yHgBbjO3O56M6MiCkTM0RwS6f6PHtkORBj6Q6MUxM:RJeMgpXw5qlml4IYmD0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
85f85763540bd2ab |
|
VISUAL
aHash
|
e4fefff3ff7f3f3c |
|
VISUAL
dHash
|
4862717626d8e3e8 |
|
VISUAL
wHash
|
c0fc7eb03e1e033c |
|
VISUAL
colorHash
|
07038000000 |
|
VISUAL
cropResistant
|
4862717626d8e3e8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13205 techniques to evade detection by security scanners and make reverse engineering more difficult.