Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T169F1BBB30509C95F1E00C2DAE44334D8D29B561E87A8E8B9F18E0F5762A4EE150EED7B |
|
CONTENT
ssdeep
|
192:LfnjS3UzOJ7dzEhtdtVatqHiTqntltj35bd6BBumGVS8Del:7nlzO1dzEhtDkqHiTqtLj35bd6BBumGG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93cd636c343c3a3a |
|
VISUAL
aHash
|
307c2c360c1c046c |
|
VISUAL
dHash
|
43c8c8ccdcfccccc |
|
VISUAL
wHash
|
80783e7e5e3e046e |
|
VISUAL
colorHash
|
31000007000 |
|
VISUAL
cropResistant
|
43c8c8ccdcfccccc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 438 techniques to evade detection by security scanners and make reverse engineering more difficult.