Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16A83537291942067020386C8F1E1BF5EE6D3821DDF838495E2F543D96BDAD90ACA9B1F |
|
CONTENT
ssdeep
|
1536:ZW3WNV1HvPZAvBgv+VKkbeOvEEdv4UMxmb:4i13ueJzUWmb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cab725ea1a4b3552 |
|
VISUAL
aHash
|
00fffefcfcfdf800 |
|
VISUAL
dHash
|
2b2ad07535b56a2b |
|
VISUAL
wHash
|
00fffeb814f5f800 |
|
VISUAL
colorHash
|
07000018010 |
|
VISUAL
cropResistant
|
2b2ed07535a52a2b,e0e0903092b2a3d2,4f4f076b290b870f,8e33617154746129,a593a26969a24db2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 329 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)