MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link farm and a direct link to a known malicious redirector, ttraff.ru. The document body, though heavily obfuscated, contains text related to a 'wasteland survival guide' and the redirector URL, suggesting a lure to entice users to click the malicious link. The file also contains numerous links to PDFs hosted on static.usrfiles.com and cdn.shopify.com, which are likely part of a link farm to improve search engine ranking for the lure content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/wix?keyword=wasteland+survival+guide+issue
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006c2e.bin 3e1ec6d59903d7a54d07a91209dc1d8a2a779089627a7374431c0836b13d4d90 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C2E | 5064 bytes |
| font_01_sfnt_off00007d7a.bin 6a7034969ae35550822206451d44de197c556b42ff362b7f5e803a2dba1bfc32 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D7A | 10244 bytes |