Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16F72B67160886D1F5987F1C0BFB1EB6EB1858345C6424B5D03F8E22ADBCBDB5CD290A9 |
|
CONTENT
ssdeep
|
192:Gd9EM5MzM3wIk1/UII1NSM8o2SYcZlyREAz9s7A217lRxvrMhfrUXbSDriR1rqZH:89W1/UIIvTtsRGaUxulc05iiU/tla |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec926d93c24e996c |
|
VISUAL
aHash
|
ffc783a7fffff1d1 |
|
VISUAL
dHash
|
632e362d2df8e7a7 |
|
VISUAL
wHash
|
3f0383879f7f3101 |
|
VISUAL
colorHash
|
07400000600 |
|
VISUAL
cropResistant
|
632e362d2df8e7a7,eee44447c3c6e7e5,e2d6d0d6d4d4f49c,7134ce3634347250 |
Victim enters credentials into 2 fake forms. Form data is captured via JavaScript or backend submission and transmitted to attacker's server for account compromise.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.