MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a heuristic match for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to a known malicious URL. Additionally, the PDF_SEO_LINK_FARM heuristic indicates a large number of embedded links, with the primary one being a redirector. The document body, though partially corrupted, contains text related to finding a 'north star' and includes the malicious URL, suggesting a social engineering lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=finding+your+own+north+star+pdf+free
- https://8218ccde-e563-4681-a567-953f8ed9a2e0.filesusr.com/ugd/9904c2_7d2190de141e4b10bda0002682d83d84.pdf?index=true
- https://227b01b3-841e-4427-895c-f36c299e11cb.filesusr.com/ugd/24deb6_a4ff288c178d4bb79c63a1f0d59793cc.pdf?index=true
- https://f79c45a7-9d93-48da-b6f3-f60072ddda6e.filesusr.com/ugd/04e6f9_600d442d09134b04a3572074c83a5b86.pdf?index=true
- https://ffbd14a1-c6ce-4b6c-b561-06c0720e8727.filesusr.com/ugd/9ea91e_e724529df3d64b739491dc621babf4e5.pdf?index=true
- https://3389b2ee-1854-4a1e-84b6-8ad99a8998e5.filesusr.com/ugd/5bb01c_21a166cdabe34c6a935699eb405a6cab.pdf?index=true
- https://5b669096-fb5a-4c24-961e-06b6be93547c.filesusr.com/ugd/9904c2_2c430b493bbf4743bee71aab67c06748.pdf?index=true
- https://c2985419-3ed3-4647-946c-8ab7d9c3abb9.filesusr.com/ugd/314c35_bcb04dfc91b14853b448f94da135ae54.pdf?index=true
- https://2c1090e7-3791-4962-b3d9-600851056b7c.filesusr.com/ugd/740d8c_e23a0ef4c6a841e7a0b90dcab0fec9c8.pdf?index=true
- https://b39d5838-8191-4366-ad39-19c64d473daf.filesusr.com/ugd/b463f2_6218cfd72a9e4345b0f4f15c3ebcd95c.pdf?index=true
- https://10252ff1-e23b-4ed7-89b2-7b59e7563eb3.filesusr.com/ugd/2f7489_68f65199a0cb4de591c4e672c8b1c147.pdf?index=true
- https://962525ae-b7b5-49a2-ac16-934ede5b7d48.filesusr.com/ugd/1acd69_5880a4905a1a47f188dfb47a103b7118.pdf?index=true
- https://c2f1c814-b4e1-4763-8f3e-7d9dd8a717ef.filesusr.com/ugd/bb05c1_dfb1a16a3a444747b2407d31184b74b3.pdf?index=true
- https://7a682457-fdb0-4706-bbd3-61ced659d25b.filesusr.com/ugd/277b62_4426910e79744512a165fdc75b01a232.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005cc4.bin0c54864a772fd3a45a6688ed03079bbf61d5f65a44cb8fa84865d09e6cf53de1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5CC4 | 5420 bytes |
font_01_sfnt_off00006f4b.bin2ce2f6adf2d2c2ae0e05c184b1faebb6e8e6753564db6760146db08fc4271677 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F4B | 9952 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.