MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass external link farm, with the primary malicious link being a redirector to 'https://ttraff.link/wix?keyword=atlanta+falcons+kroy+biermann'. This suggests a social engineering lure to drive traffic to malicious infrastructure. No scripts were extracted from this sample, limiting the analysis of direct payload delivery or execution.
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=atlanta+falcons+kroy+biermann
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000068ab.bin 3dd9baa92af9c2379960b09b9caaf5938bd2547f076bb0817c444cc200f584d1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x68AB | 5324 bytes |
| font_01_sfnt_off00007ac2.bin 26cbcdaf86494b99b6bd80470f9203e6917908ba39581e4caee9ff552a00acdd | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7AC2 | 10520 bytes |