MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, suggests a lure related to a 'ccna cyber ops guide pdf'. The presence of multiple external links, including a link farm, indicates a strong intent to redirect users to potentially harmful content. The file's structure and link farm behavior are consistent with techniques used for phishing or distributing further malware.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=ccna+cyber+ops+guide+pdf
- http://files.ryanstaudacher.com/uploads/1/3/0/7/130739490/4073102.pdf
- http://files.challengethewind.org/uploads/1/3/2/6/132695730/4477159.pdf
- http://files.shawnpurvis.com/uploads/1/3/1/4/131482988/dikike.pdf
- http://files.voxnsccp.com/uploads/1/3/0/9/130969489/3758575.pdf
- http://files.planninginblackandwhite.com/uploads/1/3/2/7/132710655/bobuzugipiz_renele_litazafurusagop.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/53293114795.pdf
- https://cdn.shopify.com/s/files/1/0432/8787/1646/files/zepelofagugofa.pdf
- https://cdn.shopify.com/s/files/1/0432/2790/6206/files/velavufapalulodeguxoj.pdf
- https://cdn.shopify.com/s/files/1/0435/7111/8235/files/46676713685.pdf
- https://cdn.shopify.com/s/files/1/0431/9451/5614/files/4953869207.pdf
- https://zibagepuj.files.wordpress.com/2020/07/99367071490.pdf
- https://gozinogix.files.wordpress.com/2020/06/14302634053.pdf
- https://rojevaliri.files.wordpress.com/2020/07/17083869538.pdf
- https://cdn.shopify.com/s/files/1/0430/3316/5986/files/57947880728.pdf
- https://cdn.shopify.com/s/files/1/0429/5933/9674/files/41535486684.pdf
- https://cdn.shopify.com/s/files/1/0431/2173/7882/files/notomel.pdf
- https://cdn.shopify.com/s/files/1/0427/6482/8838/files/1657552650.pdf
- https://cdn.shopify.com/s/files/1/0431/4251/2791/files/80861594412.pdf
- https://cdn.shopify.com/s/files/1/0430/2071/4137/files/jasadabutegoreja.pdf
- https://cdn.shopify.com/s/files/1/0432/7673/0528/files/11715586129.pdf
- https://cdn.shopify.com/s/files/1/0433/4069/3662/files/52411201393.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007bf0.bin443a829066c822baa5b1e52c5de172ec558278e816f1ab6ecc541e67455a36b3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BF0 | 5360 bytes |
font_01_sfnt_off00008e27.bine7d8735b25bf391f435d4fc72c81e65ddc6d19f90ce854128dbcb0f1c91ebdde |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E27 | 10856 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.