Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C183E629505C603F81B3A6E0F939871E72B98301D7538601B1AFD39C9D8EC7DD9AA778 |
|
CONTENT
ssdeep
|
1536:8w446jtMS0PBrIZDsHnfWsgD/QPQ9Ytx1owYWqEp1IvQyK3TF7cxXS:8x65IZDy+sgD92xotzK3tcxXS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ca6ab554bd922b2c |
|
VISUAL
aHash
|
fe2000101000feff |
|
VISUAL
dHash
|
80434161b3c0c40e |
|
VISUAL
wHash
|
ffe000381800ffff |
|
VISUAL
colorHash
|
02001000003 |
|
VISUAL
cropResistant
|
0300a89280840061,5bcbab585a86b414,8080a0c949a080a0,69d4d4168ad40a12,00204103a0000000,41436161b3a0c1e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 47 techniques to evade detection by security scanners and make reverse engineering more difficult.