Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C213619A310865E5C2F38ED8981025946142EB4FCD718770C2F84F3A67E79A5B788F7E |
|
CONTENT
ssdeep
|
768:6TrNTrXTrHOpEvH5tWACV9Q84yRl5PAhs4jY7yUjJoHbqL0:6ThTrT7O6IFUM7NL0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
add2a5d0daa9d0a5 |
|
VISUAL
aHash
|
ff0f0f0d00000303 |
|
VISUAL
dHash
|
f9397b793cb616f6 |
|
VISUAL
wHash
|
ff1f0f3f8f000303 |
|
VISUAL
colorHash
|
31600010000 |
|
VISUAL
cropResistant
|
04040c0c200004d1,c9c8b0b088b18e8c,f92979793cb616f6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 36 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)