Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FE43C9306845ED2601DF99C9A272162A62F98345CA63128DFAF5C7F94BFFC2DCA73105 |
|
CONTENT
ssdeep
|
768:sQNsIx/jfIx/jsFPx7ZlqflzI00BGdK6rfwv6he+0WHjC0I76Uf7SUt7pP:TsIxLIx4FPx7ZlqflzIThe0P7l7b7pP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a501fe19f341e7c1 |
|
VISUAL
aHash
|
02047642660640f7 |
|
VISUAL
dHash
|
deecc69edcce8c0d |
|
VISUAL
wHash
|
660c7662672646f7 |
|
VISUAL
colorHash
|
38000030001 |
|
VISUAL
cropResistant
|
deecc69edcce8c0d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 75 techniques to evade detection by security scanners and make reverse engineering more difficult.