Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17A930976D244A77B50038FA9F421FF08A1CB856DCB27C59AE3EF02925792CF28D34994 |
|
CONTENT
ssdeep
|
1536:ALSvehcuGMhm1gdRnpvR8hEkbD0qcNO3IuRY95TdWU0Bx9a+7i0aUaQxMlypcCmf:ALSvehcuGMhm1gdRnpvR8hEkbD0qcNOw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c869c1b43fc836e3 |
|
VISUAL
aHash
|
09383800007e7e7c |
|
VISUAL
dHash
|
93d3d1530fa4f0d8 |
|
VISUAL
wHash
|
db783c08007e7e7c |
|
VISUAL
colorHash
|
38400010001 |
|
VISUAL
cropResistant
|
f0b9a9333112040e,e5e2c4b0b97a32cc,7164ceca58632ab0,93d3d1530fa4f0d8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 342 techniques to evade detection by security scanners and make reverse engineering more difficult.