Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1060224E0D044DC3B631385E6B7B6275F7595C345CF020E9863F862FA5BDACA0C923A99 |
|
CONTENT
ssdeep
|
192:QU37mohOlzH0X1nhvH7hv5I2t68FzHhvgyFhvbSQR:QUIQhvHdv5I2YGvb7vb9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cbc1437b903eb4ac |
|
VISUAL
aHash
|
7828ffffff0000ff |
|
VISUAL
dHash
|
d8d0e5faab696995 |
|
VISUAL
wHash
|
0000ffffff0000ff |
|
VISUAL
colorHash
|
07000000e00 |
|
VISUAL
cropResistant
|
d8d0e5faab696995,2615454d724a3c34,1169695252521d3d,070b0b0b0b0b0b0b,8ecccce4a72e587c,353531353b33350d,1219e1b228506222,c0c894eaeab58a80 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)