Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1811310306900DC3741CBA6C8A672577A22F58341CA030689FAF4D7BA9BEFD69CB37155 |
|
CONTENT
ssdeep
|
768:ZsIx/jdmj+/2ULMq7Zretp7pO/mUUf79vq:ZsIxZmj+/2YMq7ZrTm779vq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c33c681ee7d2386c |
|
VISUAL
aHash
|
00000c6c6c6c6c61 |
|
VISUAL
dHash
|
0cc05849c9c9c8c5 |
|
VISUAL
wHash
|
80102e6c6c7c7e7f |
|
VISUAL
colorHash
|
30012000200 |
|
VISUAL
cropResistant
|
c1f0f0f8bcb4bc3c,0010040c9e0c3004,0cc05849c9c9c8c5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1532 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)