Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B7838522E362191250BF95D8B1664B492252878DCB034BF567EC27BAFACDCB5371339C |
|
CONTENT
ssdeep
|
1536:5Y7cmBee+eeehXeheeZ5PUgOq61equJIZeSXeOzAmTYkC0RnXbBBYLeeO2WeeeA2:y2JPUgOq6ELIP9k222I2222222vCTd2C |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d2cc0e691a97cd4d |
|
VISUAL
aHash
|
3c727e6c44466444 |
|
VISUAL
dHash
|
e1a6e0d8888ac88c |
|
VISUAL
wHash
|
7c777e4646464646 |
|
VISUAL
colorHash
|
02200030000 |
|
VISUAL
cropResistant
|
41564e64514e6c45,c1a6e0988a9a8888,e1a6e0d8888ac888,04c836f815152d29,b8a104c8b0869cb8,d7693248cccc442c,3764677363686931,b8e0240880a08686,97c4693371f1e1e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)