Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12D516517C158766305928213F500E3C7BB2E546827614FDA76FA821C56C2E9FCFBB06E |
|
CONTENT
ssdeep
|
48:TXz/uJveXZfYKXjri0T/fnHd7mrhc6HjcJ+wSb3Lt3myqu:TbuJvEZf1XP3TXNmrS6gJ+zp/F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b0b093b664db396c |
|
VISUAL
aHash
|
c7cfcbcbc3cf3c00 |
|
VISUAL
dHash
|
8c96969696987806 |
|
VISUAL
wHash
|
c7cfcfcbc30c3c00 |
|
VISUAL
colorHash
|
07007000080 |
|
VISUAL
cropResistant
|
8c96969696987806 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.