Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A063853292865C139197C2D9F1709B0E3381C785CB134B6563F957AEBECECB6AE1129C |
|
CONTENT
ssdeep
|
1536:jgUOfd91u1RqPIO131S1V+Jl171e1B1GQAtCLFhyeeeewyeqeMeeeeHIeeee5dEk:oURqrl4V+tZkjPh12R6HII83EDITIINQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d3cd363893c99269 |
|
VISUAL
aHash
|
3000787a48464646 |
|
VISUAL
dHash
|
6b67e2d29a88988c |
|
VISUAL
wHash
|
b1f0fffa42464246 |
|
VISUAL
colorHash
|
02200038000 |
|
VISUAL
cropResistant
|
6b67e2d29a88988c,4c4cc430e7f26464,937362e2230f3636,262659438d3d9b98,2764e7f7e3ca6823,d7693248cccc442c,9597e328d0e0f090,9793d6c449239771 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)