Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D9E176E1C108DD37032286D6F7F52B5FB992C349CF06098453F842EB9BDAC70CA66699 |
|
CONTENT
ssdeep
|
96:TkcUv79oh4lzH0XfeGiEdt7zpzDwvF3epXnHFCeFXfz/JFt7zaqQPJ:QcUv79oh4lzH0X1iEdxpzXF7NzPxaqQR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b91369d6ce6c464c |
|
VISUAL
aHash
|
c3c3c3c3ffffc3c3 |
|
VISUAL
dHash
|
361e1f17000e0717 |
|
VISUAL
wHash
|
00c3c3c3ffff8181 |
|
VISUAL
colorHash
|
07006080000 |
|
VISUAL
cropResistant
|
171f1717000e0717,a424c9d9915b24a4,b4b4b0b4b4b4b0b0,692d2c0c86b6b430,e69090c88c94c080 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)