MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, directing users to 'https://ttraff.link/wix?keyword=philips+digitrak+xt+instructions'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded links. The document body, though heavily obfuscated, contains references to the redirector URL, suggesting a social engineering attempt to trick users into clicking the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://ttraff.link/wix?keyword=philips+digitrak+xt+instructions
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000c11a.bin (f76992cfae69575c6d0483988682bfd8eda67587f5d3557c74419de42c6849b6) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC11A | 5468 bytes |
| font_01_sfnt_off0000d3ac.bin (2821923cd202cc3c601027e94c90ce5fb30c09c636bb7a00f74543fe5a2215f3) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD3AC | 11668 bytes |