Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12622A812E349661C136F421CEAA1D2DE7B044695D22D1FDA6AF8812FF44C3D4863ABDD |
|
CONTENT
ssdeep
|
192:5nw1p+Mu0WHN6fBetJM6pk3GgDZkEOSBHG9nwO/Vr9Q29rAmDgq:wu0Oc5hsakRSBHG9bVrl5HD5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b146ce1b95a564ea |
|
VISUAL
aHash
|
000000020a00ffff |
|
VISUAL
dHash
|
e8888a9a9a8a1607 |
|
VISUAL
wHash
|
000062ceea4affff |
|
VISUAL
colorHash
|
3ae00008000 |
|
VISUAL
cropResistant
|
ec8e99adb0b13133,9c78e1c3c6c4c3f0,000296010f0f0680,e810888a9a9a9ada |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)