Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T134620A3480589E3741A3D1E9A7B22F1F32C5C38BDE4B2B1613FA83996FCAC81DD65611 |
|
CONTENT
ssdeep
|
192:4xHcnmo3v7/PgDnecaXP2DdBMby3NG47yDhfOD0bW8iveFEqb87n4/hI+:Fmo3v7/Pg7ecAP2DdEB4KY0wqDpP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e407dea1f0a9d2a9 |
|
VISUAL
aHash
|
000000e7c3c3c3ff |
|
VISUAL
dHash
|
d469609616969696 |
|
VISUAL
wHash
|
360000ffc3c3c3ff |
|
VISUAL
colorHash
|
03000000180 |
|
VISUAL
cropResistant
|
8000d0c0d0d200c0,e5e6a2a8a8302585,8e96969696969694,556d6269686a9696,4d92924cb64c924c,4d9292cdb6cc92cc,4dd2924cb24c924c,020a070707070a00 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 214 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)