Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C1D35232A462A43F426AA1C4E1706F4A7287E346CB8747D1A3F4936E2FD9D94DC1739C |
|
CONTENT
ssdeep
|
1536:AGZzmfs5YVe6wOpa6w7+dlnbWsSlFwcTBVRv6u6Q5USyinignaynM/4dZFHUy/U0:WdQnSgf0Hm0+kN6 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec4c99939b6b2e44 |
|
VISUAL
aHash
|
ff0210f3ff83e3ff |
|
VISUAL
dHash
|
5b342647104f0f33 |
|
VISUAL
wHash
|
9d0000b3ff83c1ff |
|
VISUAL
colorHash
|
0704000b000 |
|
VISUAL
cropResistant
|
5b342647104f0f33,17307636b6b7b537 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3499 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)