MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link farm with 17 external PDF links, many hosted on cdn.shopify.com, designed to appear as legitimate content. One of the primary links, however, leads to a known malicious redirector at 'https://ttraff.link/wix?keyword=the+red+tent+torrent'. This suggests a social engineering attack aimed at directing users to malicious sites, potentially for further exploitation or credential harvesting.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=the+red+tent+torrent
- https://cdn.shopify.com/s/files/1/0433/5704/4890/files/rinevofujotu.pdf
- https://cdn.shopify.com/s/files/1/0429/6648/3103/files/saziwamafetonamanixopulil.pdf
- https://cdn.shopify.com/s/files/1/0434/3001/9229/files/nivirimepagisafume.pdf
- https://cdn.shopify.com/s/files/1/0430/9650/6521/files/85338008179.pdf
- https://cdn.shopify.com/s/files/1/0430/2897/1681/files/gugasesisa.pdf
- https://cdn.shopify.com/s/files/1/0432/2256/5032/files/mario_benedetti_biografia_para_encontrarme.pdf
- https://cdn.shopify.com/s/files/1/0434/6091/9446/files/gumoxozaridijopefejelepi.pdf
- https://cdn.shopify.com/s/files/1/0437/2480/0154/files/butiwavuvul.pdf
- https://cdn.shopify.com/s/files/1/0431/5421/0980/files/20778060196.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/matam.pdf
- https://cdn.shopify.com/s/files/1/0430/1471/7597/files/mercedes_clk_2016.pdf
- https://cdn.shopify.com/s/files/1/0438/0921/0529/files/jilologosofebowugej.pdf
- https://cdn.shopify.com/s/files/1/0431/8468/5224/files/20489548056.pdf
- https://cdn.shopify.com/s/files/1/0430/6790/0061/files/tratados_internacionales_de_mexico_vigentes_2020.pdf
- https://cdn.shopify.com/s/files/1/0427/5296/6812/files/wixixipudarufijofivowo.pdf
- https://static.usrfiles.com/ugd/b8c837_e2f97d989bce4ff79a7d7a2b7692f33d.pdf
- https://static.usrfiles.com/ugd/f84671_60465454ed1249fea9ed429c0d5f4170.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006875.bin8b28c977de5ba88853db105d84ef413afb7a459e4c880e1fb33a46aaf11b9254 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6875 | 4184 bytes |
font_01_sfnt_off0000768d.bin57bef4092c5a46025257ce1a03aaf65b1bba109430db30015ac0cc4a743783c5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x768D | 10048 bytes |
font_02_sfnt_off000098da.bince7e2e230a41ba6fc2d7d2240890c8289d67876d84a3d076d67c0b48111c8230 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x98DA | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.