I published the following diary on isc.sans.edu: “Suspicious PDF Connecting to a Remote SMB Share”:
Yesterday I stumbled upon a PDF file that was flagged as suspicious by a customer’s anti-malware solution and placed in quarantine. Later, the recipient contacted the team in charge of emails to access his document because he knew the sender and claimed that the file was legit…