Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C13262705268AD3E4153C0DAE37A272A30DA92AEDF8F030097ED53F916D7C59FC26055 |
|
CONTENT
ssdeep
|
192:MARTir1uofsh3l9TSguqTlchwTqKYDDcTHW9IIUA3/TzvyhiNQC:MAtir1uofsh3/SguKlchYqzDc29II17Z |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
88dc235d8c667799 |
|
VISUAL
aHash
|
1818181818000101 |
|
VISUAL
dHash
|
303230b2320c0303 |
|
VISUAL
wHash
|
3c3c18181b190303 |
|
VISUAL
colorHash
|
38000000188 |
|
VISUAL
cropResistant
|
303230b2320c0303 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 142 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)