MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of external links, with a significant portion hosted on cdn.shopify.com, suggesting a link farm for SEO manipulation or to obscure malicious destinations. One of the embedded URLs, 'https://ttraff.cc/pify?keyword=dnd+giant+badger', is identified as a malicious redirector. This indicates a likely phishing or social engineering attack where the user is enticed to click on links that ultimately lead to malicious content or further compromise.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=dnd+giant+badger
- http://files.nanolab.info/uploads/1/3/1/3/131379749/befuraxigufero.pdf
- http://files.doula-care.com/uploads/1/3/1/3/131379420/2057198.pdf
- http://files.weesnerbittersweetfarm.com/uploads/1/3/1/4/131453998/lenube.pdf
- http://files.thetraumacentre.ca/uploads/1/3/1/3/131398292/gujipe-kufopupajizap.pdf
- http://files.newtongrangegala.org/uploads/1/3/0/8/130873715/6446212.pdf
- https://cdn.shopify.com/s/files/1/0431/6443/4583/files/sipikiwux.pdf
- https://cdn.shopify.com/s/files/1/0430/4686/3005/files/6826567950.pdf
- https://cdn.shopify.com/s/files/1/0428/5369/5647/files/dijazi.pdf
- https://cdn.shopify.com/s/files/1/0437/7303/4654/files/12725025382.pdf
- https://cdn.shopify.com/s/files/1/0435/3140/3413/files/chill_touch_cantrip.pdf
- https://cdn.shopify.com/s/files/1/0432/2790/6206/files/41569794489.pdf
- https://cdn.shopify.com/s/files/1/0428/9606/4671/files/medunukejironunag.pdf
- https://cdn.shopify.com/s/files/1/0431/4402/0125/files/36367088536.pdf
- https://cdn.shopify.com/s/files/1/0432/2610/3971/files/20804656750.pdf
- https://cdn.shopify.com/s/files/1/0432/1571/6513/files/sikoborapipuzubo.pdf
- https://cdn.shopify.com/s/files/1/0430/1671/6437/files/wobivimugarekugop.pdf
- https://cdn.shopify.com/s/files/1/0434/2244/9820/files/jalokavokiwadamakuziwole.pdf
- https://cdn.shopify.com/s/files/1/0429/9980/8149/files/35654682946.pdf
- https://cdn.shopify.com/s/files/1/0438/2588/9442/files/tanizoruzet.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007d62.bin4aa80dace48476e3869306c1b1597a72d1f63374f03ac5805e08c39ae7a53590 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D62 | 4920 bytes |
font_01_sfnt_off00008e30.binea66f552e328d0a8bf4b0dc3f60ce8b0675875b5d905cf338a3dc641d9edeef0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E30 | 10416 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.