MALICIOUS
168
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a lure related to 'My aadhaar card by aadhar number' and includes a critical heuristic firing for a malicious redirector link to 'https://ttraff.cc/pify?keyword=my+aadhaar+card+by+aadhar+number'. Additionally, it exhibits a PDF SEO link farm heuristic, with numerous links pointing to Shopify domains, one of which is identified as a potential entry point. The document body also contains the malicious URL and benign-looking PDF filenames, suggesting a phishing attempt to harvest credentials or redirect users to malicious sites.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
MFA / one-time-code harvesting lure high SE_MFA_LUREDocument asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=my+aadhaar+card+by+aadhar+number
- http://files.honkrenaissance.net/uploads/1/3/1/0/131070520/3578f9490c503.pdf
- https://cdn.shopify.com/s/files/1/0436/0775/2861/files/55523636811.pdf
- https://cdn.shopify.com/s/files/1/0430/9726/0192/files/wibaturevazepamadomudun.pdf
- https://cdn.shopify.com/s/files/1/0447/9657/5904/files/esl_advanced_reading_activities.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/57355052908.pdf
- https://cdn.shopify.com/s/files/1/0437/1841/0394/files/caida_de_tension_formula.pdf
- https://cdn.shopify.com/s/files/1/0451/0469/3400/files/animal_habitat_worksheets_for_2nd_grade.pdf
- https://cdn.shopify.com/s/files/1/0432/6418/0390/files/somiku.pdf
- https://cdn.shopify.com/s/files/1/0431/4490/4855/files/picture_description_in_english.pdf
- https://cdn.shopify.com/s/files/1/0434/7455/0950/files/principles_of_pediatric_nursing.pdf
- https://cdn.shopify.com/s/files/1/0431/4651/0504/files/15422892056.pdf
- https://cdn.shopify.com/s/files/1/0448/0276/9053/files/chief_architect_sample_plans.pdf
- https://cdn.shopify.com/s/files/1/0428/0595/2671/files/poxubuxuworulopanuvore.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/lewajoranuputefikilos.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009440.bin322b2cc278a4c11653d5fc3c0f5f0b2b4ff709239d6b1ab89c828d9ec667fc73 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9440 | 5216 bytes |
font_01_sfnt_off0000a5cd.bin35a89e42533b4634aff48da49f77254eac55bcc3cd5bee4f76ea5e97242dc689 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA5CD | 10468 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.