MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document was flagged by multiple critical heuristics for containing malicious redirector links and a large link farm. The primary malicious URL identified is https://ttraff.ru/wb?keyword=apics%20supply%20chain%20pdf, which is likely used to redirect users to further malicious content. The document body is heavily obfuscated, preventing a clear understanding of its specific lure, but the extensive linking strongly suggests a distribution or phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wb?keyword=apics%20supply%20chain%20pdf
- http://files.alswinners.com/uploads/1/3/1/3/131379085/zerasu_zesori_xuvozanov_gotazidoxe.pdf
- http://files.berlangadentures.com/uploads/1/3/0/8/130873795/papusowe_buraruteruluruj_zigegafoxuw.pdf
- http://files.danpollockthrillers.com/uploads/1/3/1/6/131606268/xonujenovadidog.pdf
- http://files.opendoorsspokane.com/uploads/1/3/1/8/131858540/8438683.pdf
- https://zorevuz.files.wordpress.c
- https://zigonasoxovu.files.wordpress.com/2020/06/tapog.pdf
- https://zamawije.files.wordpress.com/2020/06/sekadozo.pdf
- https://diwegola.files.wordpress.com/2020/07/89297027048.pdf
- https://zorevuz.files.wordpress.com/2020/07/35088990310.pdf
- https://gozulij.files.wordpress.com/2020/07/daminujutadatanufimawolu.pdf
- https://wupobififid.files.wordpress.com/2020/07/68836162447.pdf
- https://cdn.shopify.com/s/files/1/0434/0439/4661/files/rafokasuremozuvir.pdf
- https://cdn.shopify.com/s/files/1/0433/1952/5531/files/61152632185.pdf
- https://cdn.shopify.com/s/files/1/0434/2205/6600/files/vavikotisavawomebaw.pdf
- https://cdn.shopify.com/s/files/1/0431/8353/8331/files/36867196358.pdf
- https://cdn.shopify.com/s/files/1/0433/7994/9718/files/lukesuz.pdf
- https://cdn.shopify.com/s/files/1/0428/3321/5654/files/33229395764.pdf
- https://cdn.shopify.com/s/files/1/0431/3215/8116/files/99320718436.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/giratajolexodomofavewolov.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000736e.bin9d7e85b00747cf64192a63644caedc3a681d0b136fff34dd5d9a17067ba5db1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x736E | 4812 bytes |
font_01_sfnt_off000083b7.bin688589caf9cc4d3f57ccca9c07d3ab7ce694937e09e2bd78e725d9769abb68df |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x83B7 | 11104 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.