Update: See also http://blog.trendmicro.com/kim-jong-il-malicious-spam-found/comment-page-1/#c…

This is just meant to be a quick post and not a full analysis. After checking PDF X-RAY this morning I came across a file that contained a good amount of well-organized JavaScript that seemed to target several versions of Adobe Reader.

https://www.pdfxray.com/interact/b9183507150e32cace16c1dd68f2dc67/

I set my test system back to Adobe Reader 9.4.0 and ran the file. After exploiting reader, a clean file was dropped with content about the recent death of Kim Jong-il.

Dynamic dump along with the files can be downloaded here. (password infected)