Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T142B46601E6E0652F018B67F6F22668D6EFC815DFAD508DC69168BDF06E90C25FEE1930 |
|
CONTENT
ssdeep
|
6144:JtdSgMuTyCYcKMy/rTf7qgxYrtAzu6hu/jiJi2QiHSLJ+ShXHOQ2pBWdBIy:JtdSgYHxYV/jiJLQilrWday |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
94946b6b3b9896ca |
|
VISUAL
aHash
|
027e7e7e3c3c0000 |
|
VISUAL
dHash
|
4ee6e4f4f8e8f6b0 |
|
VISUAL
wHash
|
2b7e7e7e7e3c0000 |
|
VISUAL
colorHash
|
31000640010 |
|
VISUAL
cropResistant
|
88908081ccecece4,1f9b7efffefdf9f9,4ee6e4f4f8e8f6b0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 40145 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)