Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T107233132D84DAE3711A292C4AB65A719F3C2E248CB35CB4AE2FCC34DABD9DD4DC51560 |
|
CONTENT
ssdeep
|
768:W64NJKp4F2DHgLlIoIz3xbR+WkQQGUtNrvZamUM:134Fo+lIoIzhbR+WkQQGoMM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a93b360556f269a9 |
|
VISUAL
aHash
|
000b8b8c027bff00 |
|
VISUAL
dHash
|
cd3b1b29d2d22c45 |
|
VISUAL
wHash
|
000babbc3b7bff00 |
|
VISUAL
colorHash
|
03000040006 |
|
VISUAL
cropResistant
|
88d8c8c8cad81b39,f9e9f4f4e0c0c78f,cecc46cecedadec6,a6cedebcb8c3c7c7,6372e8e0c0d1c1cb,d2d3d2d2b2cd292f,cd7e1b1b295ad2d2,4d5343654d555324 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 47 techniques to evade detection by security scanners and make reverse engineering more difficult.