Verdict: MALICIOUS
Risk Score: 60
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links to external PDF documents, hosted on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a redirection scheme designed to lead users to potentially malicious content. No scripts were extracted, and the document body was heavily obfuscated, making it difficult to determine a more specific attack pattern or family. The primary IOCs are the URLs pointing to the linked documents.
Heuristics 2
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL info (rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.