# Sandbox-Confirmed Malicious PDF Delivered via Compromised Logistics Domain With Passing Authentication
An email with a one-line body and a PDF attachment called Proposal_02_10_2026.pdf landed in multiple mailboxes with clean authentication results across SPF, DMARC, and composite auth. The email looked like routine business outreach. The gateway content filter passed it. A sandbox detonation run post-delivery returned a malicious verdict and triggered quarantine across all affected mailboxes. The sending domain was a compromised mail account at a legitimate logistics company, not an attacker-registered lookalike.
## What the Attack Looked Like
The message originated from infrastructure associated with a compromised logistics-company mail domain. The sending IP (18[.]219[.]19[.]207, PTR: st2[.]dynedge[.]com, geolocation: Columbus, US) aligned with the domain's DNS nameservers and SPF authorization. Authentication results: SPF pass, DMARC pass, compauth pass. The domain was first registered in 2002, giving it over two decades of reputation history.
The email body was minimal: a polite "Please see attached" with a standard corporate signature. No urgency, no unusual requests, no overt social-engineering pressure. The sender was a first-time contact to the recipient organization, which alone is a risk signal many gateways do not weight heavily enough when authentication is clean.
The attachment, Proposal_02_10_2026.pdf (MD5: 4c69e9983c51ce8a72ada477993016ec), was 120,451 bytes. The filename is intentionally vague, designed to be plausible for an unsolicited business pitch. No links in the message body were flagged as suspicious.
## Why It Bypassed Defenses
The attack exploited the trust that gateway tools extend to long-established, fully authenticated domains. When SPF, DMARC, and compauth all pass, many gateways reduce or bypass additional scrutiny of attachment content. A domain registered in 2002 with stable DNS does not look like an attacker-registered throwaway, because it isn't. It is a compromised legitimate account, which is a fundamentally harder detection problem.
Gateway content filters that rely on static signatures or lightweight scanning may not catch a malicious PDF that uses obfuscated or novel payload delivery mechanisms. Signature-based detection works against known malware families. A freshly compiled or obfuscated PDF payload with no prior signature coverage will pass those checks. The file's sandbox-malicious verdict came only from dynamic detonation, which executes the file in a controlled environment and observes behavior.
The minimal body text removed any text-based signals. There was no financial request, no link to a credential-harvesting page, no urgency language. The entire payload risk resided in the attachment. Without sandbox detonation, this email offered no surface for conventional phishing content-filter heuristics to act on.
## How It Was Caught
The IRONSCALES platform submitted the attachment to a sandbox detonation environment. The PDF returned a malicious verdict. Multiple recipient mailboxes were quarantined in response. The first-time-sender flag and high sender risk score were supporting signals, but the definitive trigger was the sandbox outcome on the attachment itself.
This is a post-delivery detection: the email had already reached inboxes before the malicious verdict was confirmed. Multi-mailbox quarantine removed the file from all affected accounts. Security teams should treat the window between delivery and quarantine as a potential exposure window and conduct endpoint checks on recipients who received the message, particularly any who may have opened it before the quarantine action completed.
## Defender Takeaway
Authenticated senders from long-established domains can be compromised. Treat first-time senders with unsolicited attachments as elevated risk regardless of authentication posture.
Gateway detonation for PDF files is not universal, and coverage varies by product and configuration. Ensure your environment is running sandbox detonation on PDF attachments from first-time senders, even when authentication checks pass. The goal of social engineering attacks delivered via compromised accounts is to inherit the sending domain's trust reputation. Your detection layer must not extend that trust to the attachment payload without independent verification.
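The weak and the corrected routing policy side by side, as an added example (not IRONSCALES code): the message fields, the extension list and the sender domain are assumptions, and the sample message is built from the details this post gives.

```python
from dataclasses import dataclass

# Constructed message record; field names are assumptions, not a gateway schema.
@dataclass
class InboundMessage:
    sender_domain: str
    first_time_sender: bool
    auth: dict          # e.g. {"spf": "pass", "dmarc": "pass", "compauth": "pass"}
    attachments: list   # (filename, size_bytes)
    body: str

DETONATE_EXTENSIONS = (".pdf", ".docm", ".xlsm", ".zip", ".iso")  # assumption: tunable list

def auth_clean(auth):
    return all(auth.get(k) == "pass" for k in ("spf", "dmarc", "compauth"))

def detonatable(msg):
    return [name for name, _ in msg.attachments if name.lower().endswith(DETONATE_EXTENSIONS)]

def legacy_should_detonate(msg):
    """Weak policy: clean authentication skips the sandbox. This is the gap the post describes."""
    return bool(detonatable(msg)) and not auth_clean(msg.auth)

def should_detonate(msg):
    """Hardened policy: authentication may add suspicion but never exempts the attachment."""
    if not detonatable(msg):
        return False, []
    reasons = []
    if msg.first_time_sender:
        reasons.append("first-time sender with detonatable attachment")
    if len(msg.body.split()) < 12:
        reasons.append("minimal body text leaves no content for phishing heuristics")
    if not auth_clean(msg.auth):
        reasons.append("authentication failure")
    # Deliberately absent: any branch that returns False because SPF/DMARC/compauth passed.
    return bool(reasons), reasons

# The message from this post; the sender domain is a placeholder (the post does not name it)
# and the signature text is constructed.
SAMPLE = InboundMessage(
    sender_domain="logistics-sender.example",
    first_time_sender=True,
    auth={"spf": "pass", "dmarc": "pass", "compauth": "pass"},
    attachments=[("Proposal_02_10_2026.pdf", 120451)],
    body="Please see attached.\n\nJ. Smith, Example Logistics",
)
```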
Post-quarantine endpoint checks are not optional. Multi-mailbox quarantine tells you the files were removed, not whether any were opened beforehand. Search EDR telemetry for the attachment hash and filename before closing the incident.
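The post-quarantine exposure check described above, as an added example (not IRONSCALES code): the hash and filename are this post's IoCs, while the EDR event schema, hosts, users, paths and timestamps are constructed.

```python
from datetime import datetime

IOC_MD5 = "4c69e9983c51ce8a72ada477993016ec"
IOC_FILENAME = "proposal_02_10_2026.pdf"

# Constructed EDR file/process events (assumed schema); only the hash and filename come from the post.
EVENTS = [
    {"host": "WS-0142", "user": "j.doe", "action": "FileCreated", "ts": "2026-02-10T09:14:02Z",
     "path": r"C:\Users\j.doe\Downloads\Proposal_02_10_2026.pdf", "md5": IOC_MD5},
    {"host": "WS-0142", "user": "j.doe", "action": "ProcessCreated", "ts": "2026-02-10T09:14:40Z",
     "cmdline": r'"AcroRd32.exe" "C:\Users\j.doe\Downloads\Proposal_02_10_2026.pdf"'},
    {"host": "WS-0201", "user": "a.lee", "action": "FileCreated", "ts": "2026-02-10T09:31:10Z",
     "path": r"C:\Users\a.lee\Downloads\proposal_02_10_2026.PDF", "md5": IOC_MD5},
    {"host": "WS-0333", "user": "m.ng", "action": "FileCreated", "ts": "2026-02-10T09:40:00Z",
     "path": r"C:\Users\m.ng\Downloads\Invoice.pdf", "md5": "d41d8cd98f00b204e9800998ecf8427e"},
]

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def matches_ioc(ev):
    """Hash match is authoritative; a case-insensitive filename match in the path or
    command line catches process events, which carry no hash."""
    if ev.get("md5", "").lower() == IOC_MD5:
        return True
    return IOC_FILENAME in (ev.get("path", "") + " " + ev.get("cmdline", "")).lower()

def exposure_check(events, delivered_at, quarantined_at):
    """Per host: was the file written, and did a process open it, between delivery and quarantine?"""
    start, end = _ts(delivered_at), _ts(quarantined_at)
    findings = {}
    for ev in events:
        if not (start <= _ts(ev["ts"]) <= end) or not matches_ioc(ev):
            continue
        f = findings.setdefault(ev["host"], {"user": ev["user"], "written": False, "opened": False})
        f["written"] |= ev["action"] == "FileCreated"
        f["opened"] |= ev["action"] == "ProcessCreated"
    return findings

if __name__ == "__main__":
    for host, f in exposure_check(EVENTS, "2026-02-10T09:00:00Z", "2026-02-10T10:00:00Z").items():
        print(host, f)
```

Hosts with `opened` set need a full endpoint investigation; hosts with only `written` confirm delivery reached disk but not execution.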
## Indicators of Compromise
| Type | Indicator | Notes |
|---|---|---|
| Attachment filename | Proposal_02_10_2026.pdf | Malicious PDF; vague lure filename |
| Attachment hash (MD5) | 4c69e9983c51ce8a72ada477993016ec | Sandbox-confirmed malicious verdict |
| Sending IP | 18[.]219[.]19[.]207 | PTR: st2[.]dynedge[.]com; Columbus, US; SPF-authorized for sending domain |
| Authentication | SPF=pass, DMARC=pass, compauth=pass | Sending domain long-established; account likely compromised |
| Sender profile | First-time sender to recipient org | Elevated risk signal regardless of authentication |
| MITRE | T1566.001 | Spearphishing Attachment |
| MITRE | T1566 | Phishing |