Talos has discovered a new spam campaign used to infect targets with the Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2016-7193). The document contains several malformations designed to defeat security engines and parsers. This article explains how the malware author modified the RTF file in order to bypass security protection and frustrate malware researchers. According to VirusTotal, the initial detection rate of a malicious document recovered from a recent spam campaign is only 3 out of 45 available engines.
Source: https://blog.talosintelligence.com/2017/03/how-malformed-rtf-defeats-security.html