Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T129B3C9706580AD51800783E4F7B2DBAA3355815ACB8B878486F0AF9A9FE5DC1CEC355F |
|
CONTENT
ssdeep
|
1536:Pzk9s0id444T+xCI+fDLuILwyk/hfNrcg5wZtlvfECFC9Dzin444zcg5wZtFvfvL:bA7K498Jtcg5wZ7vfEOMcg5wZrvfvL |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e96916964f92126f |
|
VISUAL
aHash
|
00fbf9f9fbffff00 |
|
VISUAL
dHash
|
43321353d3123464 |
|
VISUAL
wHash
|
0081c9f9f9dfdf00 |
|
VISUAL
colorHash
|
0e0000001c0 |
|
VISUAL
cropResistant
|
1333135353131c22,00821b23271bc300,4d31cd8707179775,208414d4f0144402 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.