MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.me/wix?keyword=cub+scouts+2020'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs, one of which is 'https://0b8236dc-0f20-4081-aafa-82ef0156c96b.filesusr.com/ugd/0511f5_0e16912c1451441a9b4dba493c1fbe99.pdf?index=true'. The document body, though heavily obfuscated, contains references to the redirector URL and appears to be a lure related to 'cub scouts 2020'. No scripts were extracted, limiting further analysis of execution behavior.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=cub+scouts+2020
- https://0b8236dc-0f20-4081-aafa-82ef0156c96b.filesusr.com/ugd/0511f5_0e16912c1451441a9b4dba493c1fbe99.pdf?index=true
- https://d5a9767e-9f03-491b-b9de-04c99ad51557.filesusr.com/ugd/ceb2e8_9aaa8d1e03e240ad86529026bb9ed47d.pdf?index=true
- https://07abba26-b05a-46b2-8752-1a55a07f33f4.filesusr.com/ugd/33ab24_f48080a8aedd44af9c52a26af6a501eb.pdf?index=true
- https://e30e594e-c8f1-4a46-96c9-91d0f197ea64.filesusr.com/ugd/2c8d66_c6fb1b5294cb4932976c8751fe2279af.pdf?index=true
- https://254e3372-685b-42d8-ac6d-03b9ea18227a.filesusr.com/ugd/bdc04d_993804e8984147b99418be53ea9161eb.pdf?index=true
- https://e739e41d-7c40-43f1-b5d0-9407629997f2.filesusr.com/ugd/529dbf_7f47690c3a934881b6110bf7dcf7165b.pdf?index=true
- https://78dfa0f4-2695-4267-8725-b3d980d9ff29.filesusr.com/ugd/98e2de_37fbd1af5bfd4812a4558bda29e16ba5.pdf?index=true
- https://cdn.shopify.com/s/files/1/0440/1650/0886/files/free_health_insurance_claim_form_1500_template.pdf
- https://cdn.shopify.com/s/files/1/0430/2438/4154/files/9284133315.pdf
- https://cdn.shopify.com/s/files/1/0459/9542/5949/files/project_management_issue_tracking_template.pdf
- https://eae0e60f-0a34-4776-9867-95ea5c1919f9.filesusr.com/ugd/5f226b_affdcb623a3447c39a363a9c05c0f85f.pdf?index=true
- https://02994391-4047-4f10-b93f-7edb5d6e73d9.filesusr.com/ugd/37987b_8b3f4fa1b9db4c82a3458c613ed36cce.pdf?index=true
- https://6355389b-d455-4037-8c76-1159e1788ac0.filesusr.com/ugd/2486b5_dbae39621f5c447990ab8e6e92269220.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009bbf.bina88eb1cffe18d8c85738089bd6ce9279887a6a9f8df973b96e8caf157b0d93e7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9BBF | 4500 bytes |
font_01_sfnt_off0000ab0e.bina7c9a5dc3e6a2cf5afc249f6e107a69ca5f076c208d21a70c02ca2bafef6680a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB0E | 10340 bytes |
font_02_sfnt_off0000ce6a.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCE6A | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.