Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A74234A28440542B111641CA7657EF8B3483E2458F7A0852A79543AB7FEF7E09CFF39B |
|
CONTENT
ssdeep
|
192:RSiS7oiwQcYIggT8Le69omlu3sIbyxKDW6gtz3pj0YXN2a:RSiS7oiwQ8o1wJe3pj/dB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e56913924f671a9a |
|
VISUAL
aHash
|
00c3c3c3ffe7ffff |
|
VISUAL
dHash
|
16169696160f0c00 |
|
VISUAL
wHash
|
0003c3c3c3c3e7ff |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
96169696160f0c00,696169795f4ecc0e,0000343430303410,32f0cc73f0ccc828 |
• Amenaza: Phishing
• Objetivo: Usuarios de DANA
• Método: Suplantación de identidad y recopilación de credenciales
• Exfil: login.php
• Indicadores: Discordancia de dominio, código ofuscado, envío de formulario JavaScript
• Riesgo: Alto
The attacker attempts to steal user credentials by creating a fake login page that closely resembles the legitimate DANA website. When a user enters their information, it is sent to the attacker.
Pages with identical visual appearance (based on perceptual hash)