MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, many of which point to domains associated with link farms and redirectors. One prominent link, 'https://ttraff.ru/pify?keyword=definition+of+supply+chain+management+pdf', is identified as a malicious redirector. The document body, though heavily obfuscated, also contains this URL, suggesting a lure to trick users into clicking on malicious links. The presence of many Shopify-hosted PDF links further indicates a link farm strategy.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=definition+of+supply+chain+management+pdf
- http://files.xchaintechnology.com/uploads/1/3/1/6/131607053/9525554.pdf
- http://files.justflowfun.com/uploads/1/3/2/6/132681660/fusezetu-fuzokenokamirot.pdf
- http://files.sunburysandlotcamps.com/uploads/1/3/1/1/131164081/xogatasajo_sopapi.pdf
- http://files.aispng.org/uploads/1/3/0/8/130874422/januvuzazajofu.pdf
- http://files.hsiaoaiwang.com/uploads/1/3/1/0/131070442/5060bc10eec16.pdf
- https://cdn.shopify.com/s/files/1/0431/7433/0517/files/buwukifodasudapidol.pdf
- https://cdn.shopify.com/s/files/1/0432/2505/5389/files/medievil_ps1_rom.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/33374625424.pdf
- https://cdn.shopify.com/s/files/1/0432/0205/2257/files/17226853493.pdf
- https://cdn.shopify.com/s/files/1/0432/6244/3683/files/74683106861.pdf
- https://cdn.shopify.com/s/files/1/0432/1987/8048/files/74938067326.pdf
- https://cdn.shopify.com/s/files/1/0441/4029/8392/files/adventist_hymnal_download.pdf
- https://cdn.shopify.com/s/files/1/0431/8488/1827/files/98647770053.pdf
- https://cdn.shopify.com/s/files/1/0428/4638/8380/files/sibuvefujojavi.pdf
- https://cdn.shopify.com/s/files/1/0440/7446/7478/files/cephalosporins_antibiotics.pdf
- https://cdn.shopify.com/s/files/1/0434/5787/2038/files/crossfit_level_1.pdf
- https://cdn.shopify.com/s/files/1/0428/3708/2271/files/47156414581.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0428/3708/2271
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006fd6.bin64afad84fb310f59ec6d4449b360dd816fe88146d912962c8335fabfa77a69ab |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FD6 | 5572 bytes |
font_01_sfnt_off000082bb.bin789e66757cdb4828e9573bab1de4314cc8b8dde9bd3bf9f4e736eea097f825b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x82BB | 10428 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.