Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10C431BF93D49B5521B7291D3B0AF364BB33A146F390C5AB0B1A0DE9530B84A4507BF9E |
|
CONTENT
ssdeep
|
768:lyWu/WirPy8n+W1CD5sL/XTeu11nU/ujwqo5L9fFcNwGQMZHbc/1X8Uu1HP9H5S1:SHP5sv/GyOloQzZs8oWQbp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b083cdcec68bd58a |
|
VISUAL
aHash
|
cfc7c7c7c7c7cfc7 |
|
VISUAL
dHash
|
989e9c9c9c9c9c94 |
|
VISUAL
wHash
|
cfc3c3c3c1c1c5c4 |
|
VISUAL
colorHash
|
07000000000 |
|
VISUAL
cropResistant
|
989e9c9c9c9c9c94 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 471 techniques to evade detection by security scanners and make reverse engineering more difficult.