MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/wix?keyword=download+console+sniffer', which is presented as a download prompt. Additionally, it exhibits a PDF link farm heuristic, with numerous links to external PDFs, many hosted on cdn.shopify.com. The document body also contains the malicious URL and references to downloading a console sniffer, suggesting a social engineering lure to trick the user into downloading a payload.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=download+console+sniffer
- https://static.usrfiles.com/ugd/b4a829_8d71171bbdfc41d4bdee423c8f0e044d.pdf
- https://static.usrfiles.com/ugd/b8c837_e96821df49074073aed284cbbc37b7f2.pdf
- https://static.usrfiles.com/ugd/3649d2_dd887d17d43d4a68a0ae0383a2799eae.pdf
- https://static.usrfiles.com/ugd/704566_fd8be3da22a24f3aa554a94a4e8d948b.pdf
- https://cdn.shopify.com/s/files/1/0435/9657/8979/files/33428089761.pdf
- https://cdn.shopify.com/s/files/1/0437/0314/0506/files/color_street_logo.pdf
- https://cdn.shopify.com/s/files/1/0434/4555/1256/files/mujedomadasopazunosef.pdf
- https://cdn.shopify.com/s/files/1/0432/1008/0420/files/slip_sheet_for_tile_floors.pdf
- https://cdn.shopify.com/s/files/1/0432/0781/9422/files/kafirifokuge.pdf
- https://cdn.shopify.com/s/files/1/0433/7047/9768/files/zafinagatamajiwemaw.pdf
- https://cdn.shopify.com/s/files/1/0429/5376/9123/files/baseball_field_diagram.pdf
- https://cdn.shopify.com/s/files/1/0437/6510/4791/files/32051125884.pdf
- https://cdn.shopify.com/s/files/1/0431/7102/0954/files/63066692460.pdf
- https://cdn.shopify.com/s/files/1/0428/3390/3783/files/zowuwanugali.pdf
- https://cdn.shopify.com/s/files/1/0439/3179/5624/files/53419524772.pdf
- https://cdn.shopify.com/s/files/1/0431/2793/1029/files/90735806222.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0432/0781/9422/files/kafi
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006977.bin14b06ce0c418f5f1875dfdc4a61e92df0d7e31c19f0f8250ed1184de41ea79cc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6977 | 4812 bytes |
font_01_sfnt_off000079e6.bin292e750ef15d634cb5681651e0d2169822ba335c38ca8e35895543ceb00d367f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79E6 | 10540 bytes |
font_02_sfnt_off00009dd3.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9DD3 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.