Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18413EF1DCEACF4A2141312E687D12B3572639AB8D68DDFED84F012E63354C507B96B1D |
|
CONTENT
ssdeep
|
384:cYna6Ra5269p8lZO54h4tY4rAGa5yLZkza5Gt9kdkXOfcO2eEOzNsWoMyza7Jh:Ds5mm5G4w5yz5GBUcxelNb7Jh |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d51e1c6a63636762 |
|
VISUAL
aHash
|
001ff0f0ffff0002 |
|
VISUAL
dHash
|
6430484a88840902 |
|
VISUAL
wHash
|
000ffcfcf9ff0100 |
|
VISUAL
colorHash
|
07000018003 |
|
VISUAL
cropResistant
|
6434484a88820902,3434b03474744448,639898c998d8d825 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 133 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)