Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18FE1CA30B8846B7700C3D6E6A778971FB3E28286CA37670657F9839D4F9BD49CC12619 |
|
CONTENT
ssdeep
|
96:TO7D98BRAuQEhOPvncqZIM05GFs0wQRwfwSwaT6LjfSaPRM0ws7vmehD+:a7D98BqupQHgpSjBrj+ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9111ee6e6891b66e |
|
VISUAL
aHash
|
000c0e0e00ffffff |
|
VISUAL
dHash
|
83d8dc98984c2b2b |
|
VISUAL
wHash
|
000c0e0e00ffffff |
|
VISUAL
colorHash
|
030000001c0 |
|
VISUAL
cropResistant
|
a82b8888cc2baa8c,0c0c4c222b2b2b00,9401d8d8d8d89803 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.