Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11533876321C0777F02930293A16A2B92E3F544A4F362026554EFC7AE5E86CB4E7776D3 |
|
CONTENT
ssdeep
|
768:QN44WyCx7IGU0bXL32lwW82qsa04LZ2SOLE794PO+9txHAf17SCN6RsR9/3tNfw8:QN44M+G4iWFUIS8E7z3xCMNfwob |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bf51471458135fd1 |
|
VISUAL
aHash
|
00c3cb89c383e781 |
|
VISUAL
dHash
|
9607133b27270f2b |
|
VISUAL
wHash
|
00e3cb9bc383ff81 |
|
VISUAL
colorHash
|
03006000080 |
|
VISUAL
cropResistant
|
07133b3b272f0f2b,022196b6b6969266,1b1b392d2c236796,4d432980844589a9 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 946 techniques to evade detection by security scanners and make reverse engineering more difficult.