Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T114235B726722B8A843DB91EEF7383D55B2D1488DF8CB4414F5C95A8E23C3C906297BB4 |
|
CONTENT
ssdeep
|
768:ax+EsZx8/G8w4uDawDMqBWw2MqB3CN2/y9dGDTDiJE56ITmH+LCBlvNPqDvKAz5I:ax+EsZ/8TuDawDMqBWw2MqByN2/y9dGC |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f969618696969696 |
|
VISUAL
aHash
|
c1c1c3ffffffffff |
|
VISUAL
dHash
|
9f9b1b5c1e1e1c1c |
|
VISUAL
wHash
|
c1c1c1c3cbc7c3c7 |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
9f9b1b5c1e1e1c1c,ffffaeb2f3edfdff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.