Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13A51D960502BF9670093A2D897B7BF0F32E3C206DA833A0203F8979D4BD6D44ED555E4 |
|
CONTENT
ssdeep
|
24:hWCsEjDCmmmKrjdyS1jFt6Xj6XRi65OKV+U8HW12tgqvfGbzv1N9AG0/c6srD/Ko:oEjYdZFtofmEhz+qoz1HYsv/bMFDzI5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8ff0800f7f52a1b6 |
|
VISUAL
aHash
|
ff7f7fb838383838 |
|
VISUAL
dHash
|
e0e6c16363e361e1 |
|
VISUAL
wHash
|
7f3f7c3818383838 |
|
VISUAL
colorHash
|
07200618000 |
|
VISUAL
cropResistant
|
e0e6c16363e361e1,37c3e1a9c9c2c3c5,080911070b0a0614,a549195b13231b16,6060606060203030 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 342 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)