Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1446310B012443D7F958786D87263BBA1614B868CCFA7C358959E0B32DF87CE6F722950 |
|
CONTENT
ssdeep
|
768:XIJ6ohA0xGn+awgJJrHvJkFoKOPKBPK4PKAPK0PKaq59FEVDY8LqWDBix3PUw969:wA0ChSq5MFHM5kgcx+6/Xd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3f2573c2d1c9332 |
|
VISUAL
aHash
|
00fcfd0303181820 |
|
VISUAL
dHash
|
92c9c9cbcf30f0cc |
|
VISUAL
wHash
|
c0fcffe70318183c |
|
VISUAL
colorHash
|
30007000040 |
|
VISUAL
cropResistant
|
92c9c9cbcf30f0cc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 189678 techniques to evade detection by security scanners and make reverse engineering more difficult.