Sandbox Blog Diagram3

The discovery by security researchers in March 2018 of a PDF sample that contains exploits for two zero-day vulnerabilities has confirmed that exploiting PDF readers is still considered a viable attack vector by, presumably, more advanced threat actors.1,2

https://www.crowdstrike.com/blog/leveraging-falcon-sandbox-to-detect-and-analyze-malicious-pdfs-containing-zero-day-exploits/