Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FE536CF9B880F51249B351A760AF2C03737D451B240D8960E659EE8FB1F4869A07BFDA |
|
CONTENT
ssdeep
|
768:UVT0TQH7YFQmCfapc9pv8YhZHHqDUvlC1mCZUV7lWKg/DTE3NHwdZFHikVzc+b47:UiCfH9VLp0KX9zG/dHdzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
921265bd15cce5b3 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
944d496909163e8e |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
1b240000006 |
|
VISUAL
cropResistant
|
650969161f27188e,8010080c0c000080,960d2d49c9650969,822acacaca3a8a01 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 34 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)