In another interesting turn of events, while monitoring targeted attacks, specifically advanced persistent threats, I came upon an email with a PDF attachment that had a measly 4 out of 42 generic or heuristic detections.
I checked out the email and whoa! It was an email from a trusted researcher colleague and friend at FireEye who was also monitoring these kinds of campaigns, or, to put it accurately, it looked like it was.
Looks legit, right? However, my first instinct told me that something was definitely amiss, so I zeroed in on the email headers first, expecting to find signs of spoofing, which I did.
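The header checks that expose a spoofed sender are mechanical enough to script. The following is an added example, not code or data from the original post: it parses a constructed raw message (placeholder domains and addresses, not the real email described above) with Python's standard `email` module and reports the inconsistencies an analyst looks for, namely a Return-Path or Reply-To domain that differs from the From domain, SPF/DKIM/DMARC results other than `pass` in `Authentication-Results`, and an originating hop in the `Received` chain that sits outside the claimed sender's domain. The function name `spoof_indicators` and the sample headers are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a spoofed message, not the email from the post.
# Domains, hosts and IPs are placeholders (RFC 2606 / RFC 5737 ranges).
SAMPLE_RAW = """Received: from mail.bulk-sender.example ([203.0.113.45])
    by mx.victim.example with ESMTP id abc123;
    Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=bulk-sender.example; dkim=none
Return-Path: <bounce@bulk-sender.example>
From: "Trusted Colleague" <colleague@trusted-vendor.example>
Reply-To: colleague.trusted@webmail.example
To: me@victim.example
Subject: Latest APT sample for review

See the attached PDF.
"""

# Constructed legitimate message for comparison: every check below should pass.
CLEAN_RAW = """Received: from mail.trusted-vendor.example ([198.51.100.7])
    by mx.victim.example with ESMTP id def456;
    Mon, 1 Jan 2024 11:00:00 +0000
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=trusted-vendor.example; dkim=pass
Return-Path: <colleague@trusted-vendor.example>
From: "Trusted Colleague" <colleague@trusted-vendor.example>
To: me@victim.example
Subject: Re: sample

Thanks, received.
"""


def _domain(header_value):
    """Lowercase domain of the first address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """Return a list of header inconsistencies suggesting the visible sender is spoofed."""
    msg = message_from_string(raw_message)
    findings = []

    from_dom = _domain(msg.get("From"))
    return_path_dom = _domain(msg.get("Return-Path"))
    reply_to_dom = _domain(msg.get("Reply-To"))

    # The envelope sender (Return-Path) and any Reply-To should normally match From.
    if return_path_dom and return_path_dom != from_dom:
        findings.append(f"return-path domain {return_path_dom} != from domain {from_dom}")
    if reply_to_dom and reply_to_dom != from_dom:
        findings.append(f"reply-to domain {reply_to_dom} != from domain {from_dom}")

    # Authentication-Results is added by the receiving MTA; anything but 'pass' is a flag.
    for auth in msg.get_all("Authentication-Results", []):
        for mech in ("spf", "dkim", "dmarc"):
            m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
            if m and m.group(1).lower() != "pass":
                findings.append(f"{mech}={m.group(1).lower()}")

    # Each hop prepends a Received header, so the last one is the earliest (origin) hop.
    received = msg.get_all("Received", [])
    if received:
        m = re.search(r"from\s+(\S+)", received[-1])
        origin_host = m.group(1).lower() if m else "?"
        if from_dom and not origin_host.endswith(from_dom):
            findings.append(f"originating hop {origin_host} is outside {from_dom}")

    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed sample", SAMPLE_RAW), ("clean sample", CLEAN_RAW)):
        print(f"{label}:")
        for finding in spoof_indicators(raw) or ["no indicators"]:
            print("  -", finding)
```

The Received-chain check is deliberately loose: it only asks whether the first hop's hostname is under the From domain, because the hostname in a `Received: from` clause is whatever the connecting server announced in HELO and can itself be forged. The `Authentication-Results` header written by your own receiving MTA is the stronger signal, since SPF and DKIM are evaluated against DNS records the spoofer does not control.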