Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11983547291942067020386C8F1E1BF5EE6D3821DDF838495E2F543D96FDAD90ACA9B1F |
|
CONTENT
ssdeep
|
1536:ZWUWNV1HvPZAvBgv+VKkbeOvEEdv4UMxmb:4v13ueJzUWmb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cab725ea1a4b3552 |
|
VISUAL
aHash
|
00fffefcfcfdf800 |
|
VISUAL
dHash
|
2b2ad07535b56a2b |
|
VISUAL
wHash
|
00fffeb814f5f800 |
|
VISUAL
colorHash
|
07000018010 |
|
VISUAL
cropResistant
|
2b2ed07535a52a2b,e0e0903092b2a3d2,4f4f077b690b870f,8e33617154746129,a593a26969a24db2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 363 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)