Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17B23A5659209B0620B7B4FF4A87D41171297999FF8B2B0609D6AF7E634C3FF4AD5E008 |
|
CONTENT
ssdeep
|
768:aPttpCryJUT3TRtKiJKR3vRmWM+HqqZjispgNmzUmwCE+GnIWnIjiD99jifr0aiZ:aPttpC2JUT3TRtKiJKR3vRmWM+HqqZjS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b372ce8158ce8cbc |
|
VISUAL
aHash
|
e7e7c7c4476fffff |
|
VISUAL
dHash
|
8c0e9f099dd9ce36 |
|
VISUAL
wHash
|
67c3c3c0454f2fc3 |
|
VISUAL
colorHash
|
07203000040 |
|
VISUAL
cropResistant
|
8c0e9f099dd9ce36,582e371827618326,3c3c19535efd7d7d,e86233339b8d978e,0008303232100800,72cfe7e3e3642d99 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 424 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)