Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1403393B292A87A3B125B92C577507B5EB592804FCD430FC5E2F493598BDFED2E824318 |
|
CONTENT
ssdeep
|
768:LllgHxF2AW6xi2tswElXooFjtPbm7yTx0VfHKEX9KKT6pFTJHab:5t+6Kdtp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bfc04037473d343b |
|
VISUAL
aHash
|
dfff8f8f8f8f8b00 |
|
VISUAL
dHash
|
b6811d7f5f5f1b3b |
|
VISUAL
wHash
|
02ff8f8f8f8f8300 |
|
VISUAL
colorHash
|
06681000000 |
|
VISUAL
cropResistant
|
b0bd1f7f5f5f1b1b,8241a2a6a6828100,1f3f5f5f1f1b1b3f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 940 techniques to evade detection by security scanners and make reverse engineering more difficult.