MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a link to a known malicious redirector, ttraff.ru, disguised as a Bosch dishwasher manual. This redirector likely leads to a malicious payload or phishing page. The document also contains a large number of embedded links, many pointing to Shopify, suggesting an attempt to obscure the final destination or leverage benign domains for initial distribution.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=bosch+silence+plus+dishwasher+manual+pdf
- http://files.mysxbx.com/uploads/1/3/0/9/130969435/sibekabezorisopifava.pdf
- http://files.joshuaegallagher.com/uploads/1/3/0/8/130814535/01e3c4a7df2c.pdf
- http://files.jasonmarshallconsulting.com/uploads/1/3/1/8/131871674/5dd4f.pdf
- http://files.rmarckantrowitz.com/uploads/1/3/1/0/131070483/gawelegasakad.pdf
- http://files.creativesomatics.com/uploads/1/3/1/4/131438071/1ffee337c508.pdf
- https://cdn.shopify.com/s/files/1/0435/2881/4741/files/4974732936.pdf
- https://cdn.shopify.com/s/files/1/0435/6489/2323/files/tableau_des_accords_guitare.pdf
- https://cdn.shopify.com/s/files/1/0428/2925/0719/files/enter_the_gungeon_yellow_chamber.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/serananovuja.pdf
- https://cdn.shopify.com/s/files/1/0433/0933/4696/files/folojejerujusibujepen.pdf
- https://cdn.shopify.com/s/files/1/0434/2684/0737/files/99288171824.pdf
- https://cdn.shopify.com/s/files/1/0433/1778/8830/files/dojizoxufuxipurarenipox.pdf
- https://cdn.shopify.com/s/files/1/0449/4006/6971/files/bullworker_x5.pdf
- https://cdn.shopify.com/s/files/1/0431/7862/3138/files/40k_apocalypse.pdf
- https://cdn.shopify.com/s/files/1/0430/5027/0869/files/menobekazesafisubuv.pdf
- https://cdn.shopify.com/s/files/1/0437/7817/9221/files/automatic_control_systems_raven.pdf
- https://cdn.shopify.com/s/files/1/0431/3969/4741/files/veterinary_microbiology_quinn.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000951a.bina971dcddc9b6b83907e9945d8be0deb48622b55a504bfb12fd89bf87b5d18ce7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x951A | 5536 bytes |
font_01_sfnt_off0000a7c3.bin65c4e4d91931b7407ed5f03668c314678156c34a78065d00268eae00860214a9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7C3 | 5304 bytes |
font_02_sfnt_off0000bc2d.bin39e03d3322eed0dd0a9bb3dcbb23882cf3d19cd4efce06f5906187dc0d89d067 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC2D | 11972 bytes |
font_03_sfnt_off0000e45a.binc65c62c65b16ded2469767ab61ddadcb3c9f09625faa9788f11d1129b968ad20 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE45A | 2120 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.