Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F09318F2E2D8ADB5F113A3D4F090A6170297123ADF4B89C4D77C86B4A7D6C8A0D375A1 |
|
CONTENT
ssdeep
|
768:8iW2p2sH18u8S5W5b5oXzAN5/J0Ff+FlRMDHfZlttQAeai4cUUXSwhc0m0fnP:HzANdfhc0m0fnP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ad05769238466dde |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
bfe7d6d73b1b2c2f |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03000e00008 |
|
VISUAL
cropResistant
|
f7c6d6d73b1b2c2b,dcf7f7c3d6d6d6d7,1536372b0f1c1d8e,7fffffffffffffff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)