MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic firing indicating a malicious redirector. The primary malicious URL, 'https://ttraff.com/pify?keyword=safe+work+method+statement+template', is presented as a 'safe work method statement template' in the document body, suggesting a social engineering lure. The document also hosts a large number of other PDF links, many pointing to Shopify domains, which is characteristic of SEO link farm abuse.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/pify?keyword=safe+work+method+statement+template
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008382.bin c6085a37ebe383441e34a8402e9f73906593be5f58dd2cf9a53b7804657ade4f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8382 | 5280 bytes |
| font_01_sfnt_off0000955c.bin 6e3573e281908f2e8a455148cf224661c187b085438a3e1db59be311d5b86929 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x955C | 10156 bytes |
| font_02_sfnt_off0000b80b.bin b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB80B | 4324 bytes |