Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1335243709162EE3701E7C2E8A7761B1F62C5C388CA43470923F9E75D4FEAE5AED91120 |
|
CONTENT
ssdeep
|
96:T1+cETAs8te4QYpGTfwW5tBHECOeR3NRommF2kimaDkim7AkimuSkjJT1AgWaVtT:wcETAs8tVQYpG9upPaxt6d4a5q |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
856b6315d842fa37 |
|
VISUAL
aHash
|
202b3b1e1e1606ff |
|
VISUAL
dHash
|
cbc3abf4d4f4ecac |
|
VISUAL
wHash
|
202b7b1f1e1606df |
|
VISUAL
colorHash
|
19400600000 |
|
VISUAL
cropResistant
|
8484848484848494,cbc3abf4d4f4ecac |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 51 techniques to evade detection by security scanners and make reverse engineering more difficult.