MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one identified as a malicious redirector. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external PDF links, suggesting a link farm or SEO manipulation tactic. The primary malicious URL identified is https://ttraff.me/wix?keyword=bluebird+lake+colorado, which is flagged as a malicious redirector.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=bluebird+lake+colorado
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006534.bin 53e714bb812fdce460b9e3409889cd2aec70ce4f491731844d5bac5fc0ef8a60 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6534 | 5008 bytes |
| font_01_sfnt_off00007646.bin b1c01d73f198eb5cddc2803762dde38b7212c35ba47a038d80ee29e55b7fca38 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7646 | 10468 bytes |