Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EEB1B62FD24C223607A440E4394A21DDEB4E84AC93739BE558E8C86C33BF7605DB65DB |
|
CONTENT
ssdeep
|
96:fNN2PvXE/zpLbtxdXwEKjOyPK9cezOqYMALNc8OuibvME+yXJ:SPfEbhbtxdv9zOqYM0NYUvSJ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a764d81827eed8cc |
|
VISUAL
aHash
|
ff7fff0303ff7f7f |
|
VISUAL
dHash
|
76e6864e4eb0f4fc |
|
VISUAL
wHash
|
17173703030f3f1f |
|
VISUAL
colorHash
|
07000008600 |
|
VISUAL
cropResistant
|
76e6864e4eb0f4fc,0c0e9b8e4e8aae54,9baeabdbdacbba38,1717adad9dbd7776 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)