Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1951592E4C39268B3D4F787D5F126A2CEA26B3169FFD919641AB8851073CBC338521E35 |
|
CONTENT
ssdeep
|
1536:HKzfRJtZP1XXxO1R4o1Deee6lUuRNka2wblHbJLwLIz9GguGOjjRnK:6JtE4KrX2wd9W/guGO4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9f626ae4c0959d95 |
|
VISUAL
aHash
|
ff000e1e1e1e1e1e |
|
VISUAL
dHash
|
677f787878787c78 |
|
VISUAL
wHash
|
ff001e1e1e1e1e1e |
|
VISUAL
colorHash
|
0b000018400 |
|
VISUAL
cropResistant
|
677f787878787c78,bcb9b931f9f9b7b1,a2fcb0fafafafef8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 779 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)