Sonicwall RTDMI engine discovers malicious MS Office file containing Java RAT in the wild (Mar 30, 2018)

Sonicwall RTDMI engine, as part of the Sonicwall Capture ATP service, identified in real time a new malicious Microsoft Office document file embedded with a Java malware RAT (Remote Access Trojan). Among its many previously announced detection capabilities, the SonicWall RTDMI engine can also look inside multiple layers of packaging and obfuscation to find well-entrenched malware components in real time, providing unparalleled detection capabilities. The absence of this malicious file from popular malware search portals (VirusTotal or ReversingLabs) indicates how fresh the sample is in the wild and how effective RTDMI is. The figure below was taken when we started analysis of this threat and found no results on VirusTotal:
