Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CAC2BBB4C064783E521758DCB63233EB35DB535F8BA3161056B9E6B74BC6E8CC6218CA |
|
CONTENT
ssdeep
|
192:fdI6sx7xdVLq0R4vV3yUFvV3TvV3lm5vV3XvV3tvV3NQmvV3lvV3uvV3GoQvV3HA:qVVeyUHll8Z/pnKGocH0BwnG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c26969c7693d9632 |
|
VISUAL
aHash
|
20783e003c7e3c3c |
|
VISUAL
dHash
|
d4d0dcecccd4f0d4 |
|
VISUAL
wHash
|
207c7e007e7e3c3c |
|
VISUAL
colorHash
|
31000408008 |
|
VISUAL
cropResistant
|
cf97e5adad8dc8db,713369fcf8f4e666,3b3161d498844666,4b33736964ecc327,d4d0dcecccd4f0d4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4091 techniques to evade detection by security scanners and make reverse engineering more difficult.