CLEAN
Risk Score: 8
Machine Learning
- Nyx PDF Classifier clean score 0.0287
Heuristics 4
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_006_off0005ce3e.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5CE3E | 13505 bytes | 1d5ed6484e735f0edd08845fa064948be8cf8651767ceb2c9855a72927c56959 |
| stream_008_off0005f593.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5F593 | 10899 bytes | a48cc78ca30910d4ba6fa0b3d29d385ba59ac584017d0d2e4aa0e11693bb118e |
| stream_010_off000611ac.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x611AC | 31543 bytes | 41b1dc7f32695599357984a058ccc8e2bd190b46f89b25d007fd3b7ed74291af |
| stream_012_off0006340e.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6340E | 13906 bytes | 22dcff5aeb5653e4dca9947574605b284fe78a7b948c508fee33bcb5c11f9b79 |
| stream_018_off0007355c.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7355C | 10781 bytes | 247ec8fb45629e0fd42141fccdd6a5cac7d62e01b7fb0df3958d2494bb11a45d |

Detection
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact contains 2 long base64-like blob(s).