Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C8431A993855B016477340F394BB2A89B3391C2FE91C45E1A1B4CBE572B88F5216BF8F |
|
CONTENT
ssdeep
|
768:GyWu/PNwWyuv5T9H+G/11QsDZ/u5HdX8U89TBzjXuNP5FuO6cj6Un38AKNge9wGG:rC96UZwByOloQzZs8oWQbp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b038c9c3c76d66c6 |
|
VISUAL
aHash
|
cbc3c3c3e7e7efe7 |
|
VISUAL
dHash
|
321eb61e0d1e1c0c |
|
VISUAL
wHash
|
c3838383c7c3c7c7 |
|
VISUAL
colorHash
|
07c00018000 |
|
VISUAL
cropResistant
|
321eb61e0d1e1c0c,fcf1fdfdd7dbcabc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 700 techniques to evade detection by security scanners and make reverse engineering more difficult.