Executive Impersonation Email Delivering Malicious PDF Link

A regional sales organization received CEO-impersonation phishing emails on 11 April 2026 containing a malicious PDF (Strategic_Update_Q2.pdf) that redirected to https://executive-briefing-center.net/open?id=55312 to download briefing_update.js; execution launched PowerShell to fetch an additional payload from 172.104.55.73. Observed IOCs include sender office.ceo@global-boardmail.com, the PDF attachment, the redirect URL, the JavaScript filename, and the payload IP.