MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to a known malicious URL. Additionally, PDF_SEO_LINK_FARM suggests the document is part of a link farm, likely for SEO poisoning. The embedded URL 'https://ttraff.cc/wb?keyword=phases%20of%20teaching' is the primary IOC, serving as the initial lure.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wb?keyword=phases%20of%20teaching
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00010714.bin c0e5189b20c0476df8cd03b4c4a854f2e38826f0878377d73dd065a90e77bcde | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10714 | 5016 bytes |
| font_01_sfnt_off0001182b.bin e822288a42276a4f90b15887dbb59b5e8708893f591d2c1c8427e863cc38059e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1182B | 10192 bytes |