Distribution of JAR appended to signed MSI

Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI – CVE-2020-1464

turned_in_notAdwind, binwalk, Bytecode Viewer, CVE-2020-1464, file, Glueball, IoCs, JAR, Java, MSI, RAT, Ratty, xxd, Yara, ZIP
This article discusses an interesting tactic actively used by different Java RAT malware authors like Ratty & Adwind¬† to distribute malicious JAR appended to signed MSI files. This technique was discovered by VT Team in Aug 2018[9] but that time it was not used by malware authors to distribute malicious…
Read More