Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18864D9A09AC4911F9083C3C5A775FF6D5152F0EECE440697C1EAD7881DEAC82FCD9A89 |
|
CONTENT
ssdeep
|
1536:GUPIvOZj8mA3Z1LxZ5Yl9Qxg/Bf6BWa9JE++41WlQSYbE9cpg1AxtgWs7:GUigANDHIHi49cpOAxE |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec6893936e13196e |
|
VISUAL
aHash
|
08f1f1f1f1ffffff |
|
VISUAL
dHash
|
db232327235a8c3a |
|
VISUAL
wHash
|
00d1d1d1b183e6ff |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
db232327235a8c3a,e0a4e46072fe7870,0806191818183248,e4d09092dadae0e5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 38 techniques to evade detection by security scanners and make reverse engineering more difficult.