Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C4B37431D121653363238AD4707ADB6A7293AB0ECFA3094CA7FEC7DA9BCBC858D15055 |
|
CONTENT
ssdeep
|
3072:8fFONYdXV3KOhNzSavX9j2Io6M7dpRfRhmWxWbPX/XhC9JTvGzTc/N:8fFONYdXV3KOhNzSavX9j2Io6M7dpRfp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f0702f0787877cf0 |
|
VISUAL
aHash
|
00c0c03efeffffff |
|
VISUAL
dHash
|
54a0b4f68cb6d415 |
|
VISUAL
wHash
|
0040c03e7e527fff |
|
VISUAL
colorHash
|
3000000a600 |
|
VISUAL
cropResistant
|
f0dc968eae92ccf0,54a0b4f68cb6d415 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 193218 techniques to evade detection by security scanners and make reverse engineering more difficult.