Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T127630F31A940DC2701C7C5C463B22B6E62A9C315C6130AD9FBF483A95FDBCACDE76265 |
|
CONTENT
ssdeep
|
768:2KhvvDEUivlGr+23TqzTwlqWqzbBvvvvfxLuHv4xOsIx/jZDUf7l:cvh23oTwlqWqzNvvvvfduP4xOsIxt87l |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f85bb40e23870f2e |
|
VISUAL
aHash
|
80c0e0e8c0d8ffc7 |
|
VISUAL
dHash
|
1908291b2b232e2e |
|
VISUAL
wHash
|
80c0f8e8c0d9ffc7 |
|
VISUAL
colorHash
|
07206000040 |
|
VISUAL
cropResistant
|
1808010b2b232e2e,e1c3dbdafafab6f4,beb3721a1a2a7a3c,2c242cecec48d9da,19182809130b2b23,87cfcedcd0f09399,80849412470f7c64 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 70 techniques to evade detection by security scanners and make reverse engineering more difficult.