Patent · US Active

Method of correlating distinct phishing campaigns by identifying shared modus operandi

US12341812B2 · kind B2 · utility

0Cited by

1References

22Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Iosif V. Onut · Gatineau, CA
Julien Cassagne · Montréal, CA
Ettore Merlo · Montréal, CA
Guy-Vincent Jourdan · Ottawa, CA
Cheng-Ta Lee · Taipei, TW

Key dates

Filing date	Dec 1, 2022
Grant date	Jun 24, 2025
Priority date	—
Expiry date	Sep 21, 2043

Classification

Technology area (CPC G)Physics
CPC primaryG06F8/427
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Aspects of the invention include techniques for correlating distinct phishing campaigns by identifying shared modus operandi. A non-limiting example method includes building, from a source code, an abstract syntax tree and building, from the abstract syntax tree, a decloaked abstract syntax tree. The method includes removing payload data from the decloaked abstract syntax tree to define an obfuscation pattern. The obfuscation pattern is compared to a plurality of predetermined obfuscation patterns. The method includes correlating, based on the comparison, the source code to one or more phishing kits.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.