Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C403215131085A9AC2F34CD894107A857186EB4FC8318770C6F84E7A5BE6A75B3ACF7E |
|
CONTENT
ssdeep
|
384:28O0oe2zeKe8KlUmY6BzmsGwB4npNgszxcowX6vqDoBccgszpboBcbX+zS7+zlzp:vU/6BzFGwBEnwqvqjzIQ9I0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
91e4e253da9ae629 |
|
VISUAL
aHash
|
ff18021c181818ff |
|
VISUAL
dHash
|
d4f296f8b2f0b0f2 |
|
VISUAL
wHash
|
ff3a423c08181cff |
|
VISUAL
colorHash
|
16e40000000 |
|
VISUAL
cropResistant
|
04040c0c0c040408,b6b55b6a8a6b252b,aaaa3535b51baaa2,ba2a4a45b5952aab,e001090900000000,f4b696f8b2f0b0f2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 30 techniques to evade detection by security scanners and make reverse engineering more difficult.