MALICIOUS
Risk Score: 134
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a high-severity heuristic indicating it is a phishing lure, using an image to redirect users to a malicious URL. The embedded URL, https://jottigo.ru/strik?utm_term=daring+greatly+brene+brown+quotes, is identified as the primary indicator of compromise. While no scripts were extracted, the overall structure and heuristic firings strongly suggest a phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.6346
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK)
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI (info, PDF_URI)
  PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://jottigo.ru/strik?utm_term=daring+greatly+brene+brown+quotes (PDF link annotation)