Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15E42421190947A3B00A743F2E631976FA7DD826DCEF79B0AA2F4836D0BC7C64DC19199 |
|
CONTENT
ssdeep
|
192:dUd6V0N4rHqo3wwQOJyVM674KtL0vxO3o9in2mditBrJPq3w7mBSbAhbG9edLwJ3:d+6V0N4rHqcwwQOJyC674KtL0vCogn2X |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f45a878a3a3b8d07 |
|
VISUAL
aHash
|
00f0f080f5ffffff |
|
VISUAL
dHash
|
c504921d05000e0e |
|
VISUAL
wHash
|
00c0c080c4ffffff |
|
VISUAL
colorHash
|
07e00010000 |
|
VISUAL
cropResistant
|
2584121d05220e0e,a090e47abcfd1c06,d901040492121d15,301818188dc58101,0c4941414b8b8f0d,0a54f4e46a696906,bcf1031b37266646,5024ea798cd63188 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 38 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)