MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious Link
The PDF file contains a critical heuristic firing indicating it links to known malicious redirector infrastructure. Additionally, it exhibits characteristics of a PDF link farm, embedding numerous external PDF links, many hosted on Shopify. The primary malicious URL identified is https://ttraff.ru/wix?keyword=world+english+1+national+geographic+pdf, which likely serves as the initial lure or redirector. The large number of embedded links suggests an attempt to manipulate search engine results or distribute further malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=world+english+1+national+geographic+pdf
- https://cdn.shopify.com/s/files/1/0440/3943/8501/files/95814461619.pdf
- https://cdn.shopify.com/s/files/1/0431/5670/1346/files/28234135298.pdf
- https://cdn.shopify.com/s/files/1/0434/5721/6678/files/organisational_behaviour_and_management_fellenz.pdf
- https://cdn.shopify.com/s/files/1/0438/4351/8629/files/74695372441.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/85755015361.pdf
- https://cdn.shopify.com/s/files/1/0432/7368/3112/files/rafagagupo.pdf
- https://cdn.shopify.com/s/files/1/0439/0577/7832/files/vejeletumosepejoko.pdf
- https://cdn.shopify.com/s/files/1/0432/9380/2646/files/kekoriluwesadumezozu.pdf
- https://cdn.shopify.com/s/files/1/0432/1627/3563/files/64581033510.pdf
- https://cdn.shopify.com/s/files/1/0428/4402/9084/files/visiguva.pdf
- https://cdn.shopify.com/s/files/1/0439/2042/5115/files/setivugibuxevudukisoxema.pdf
- https://cdn.shopify.com/s/files/1/0429/2752/1948/files/jodorewemodegu.pdf
- https://cdn.shopify.com/s/files/1/0434/6124/7129/files/69849271464.pdf
- https://static.usrfiles.com/ugd/b8c837_2efc665bfc4e40a38281da6a5ea54fe8.pdf
- https://static.usrfiles.com/ugd/b8c837_f0b2e80b34c54a74b32ebd3bea2f8190.pdf
- https://static.usrfiles.com/ugd/b8c837_17db77abc1ae44e0948b522787e92986.pdf
- https://static.usrfiles.com/ugd/b8c837_981305fa42554731abc61eb0488c70f6.pdf
- https://static.usrfiles.com/ugd/b8c837_6ac85aa85a6c4456be04a1ff789b1937.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006491.binf391ea6cc51ab254b53dc9387b5a2b54c96ca4bcff02e1d6dc40aa2a5de253b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6491 | 5480 bytes |
font_01_sfnt_off0000774b.bincd64790cbb82a36c28e0385b2758af9dc89813c5bfb11550749cdd89e274307f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x774B | 10704 bytes |
font_02_sfnt_off00009b51.bin30faa2b4d356db37990155777f2915c060c2997220b16d932a93d940a37bd98b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B51 | 17700 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.