The CVE-2013-2729 sample we received earlier this month was disguised as an email about analytic reports on China's president Xi Jinping. The attached PDF carried both the exploit and the malware payload, and it evaded antivirus detection.
A glance at the PDF
When we detected this APT email (there are actually three instances of this wave of attacks, all using similar malware), we submitted it to our XecScan engine for a detailed report; the C2 IP resolves to update . pushbike . tw (for the full report, see http://d.pr/i/jDml ).
Birdman and Benson, Xecure Lab