MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file triggered a heuristic for a malicious redirector link, specifically one pointing to 'https://ttraff.ru/pify?keyword=keynote+template+scientific+presentation'. This URL is embedded within the document's body text, disguised as a presentation template. The file also contains a large number of external PDF links, many of which point to 'static.usrfiles.com', suggesting a link farm or redirection strategy. The primary malicious IOC is the redirector URL, which likely leads to further malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/pify?keyword=keynote+template+scientific+presentation
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006961.bin 981cabb603a3a70ffb22e1b1dfe3ef0cf1565ce86ffbd145d7249c54ebc7dd7b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6961 | 5232 bytes |
| font_01_sfnt_off00007b27.bin c65df3362a94e1e46fcd2450336d44551dd21028b06814f15ec7142297a5c3ab | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B27 | 10948 bytes |