MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a malicious redirector link and a mass external PDF link farm, indicating a phishing or content-luring attempt. The heuristic 'SE_MFA_LURE' suggests the document is designed to harvest credentials or abuse multi-factor authentication. The embedded URL 'https://ttraff.ru/wix?keyword=aadhaar+card++password' is a primary indicator of this malicious activity. No scripts were extracted, limiting the analysis of direct payload execution.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
MFA / one-time-code harvesting lure high SE_MFA_LUREDocument asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=aadhaar+card++password
- https://static.usrfiles.com/ugd/b8c837_782af9f86f0f42eb96f5965a607cb2f8.pdf
- https://static.usrfiles.com/ugd/0c41e7_7cb2c182479e4c1ba9e0b5386f8782c2.pdf
- https://static.usrfiles.com/ugd/8ba634_c8a62c6ba97c475da30462fc52228ac1.pdf
- https://static.usrfiles.com/ugd/01e791_d21a73b23de848a2a871f1fb3273b6a2.pdf
- https://static.usrfiles.com/ugd/aef5b7_b66abe2ae7a0486086cb0f4ac294df31.pdf
- https://static.usrfiles.com/ugd/756799_636fab30a1d742a58f63893d621f4c29.pdf
- https://static.usrfiles.com/ugd/b8c837_0ddc64a6189e4df68c5b58a07307fed2.pdf
- https://static.usrfiles.com/ugd/704566_4a7d8f33a583446a8de4e6b4f6ad9189.pdf
- https://static.usrfiles.com/ugd/b8c837_99bc11497dc34e3d9d1ab12ef2ae3b82.pdf
- https://static.usrfiles.com/ugd/8b49c6_774c2f9032dc4856b6da52e64d99a047.pdf
- https://static.usrfiles.com/ugd/e3c460_16e8a7a696764160a08ebc81e460a6ae.pdf
- https://static.usrfiles.com/ugd/2ac701_a60496fea9cd4994b56c632bf683ee74.pdf
- https://static.usrfiles.com/ugd/a2ebd8_1bbd011a5b184628942ad41785b9d8b0.pdf
- https://static.usrfiles.com/ugd/3ab5ed_ebbc868fc3754a0996898152009363f7.pdf
- https://static.usrfiles.com/ugd/3f80ec_6e897939e05b425a84262ef74ce0a26e.pdf
- https://static.usrfiles.com/ugd/b8c837_66982b67d4c2464abc877d2469cd7e2e.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006935.bina21bc41c05691818150c0c3816cf04cc0c1acf3ece7b4fa2e56eebed2c7df780 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6935 | 4648 bytes |
font_01_sfnt_off0000790a.bin406219a4d70267c8c97849d5b5a156abb3b622623ff5bf75c6964d7afaf953bc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x790A | 10060 bytes |
font_02_sfnt_off00009b6b.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B6B | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.