The document discusses document exploit kits (DEKs) such as ThreadKit and VenomKit, which embed multiple exploits into a single RTF document. It analyzes the infection chains and exploits used by these DEKs, including Microsoft Office exploits such as CVE-2017-8570 and CVE-2017-11882, as well as an exploit for Adobe Flash (CVE-2018-4878). It details how the RTF format can be used to embed malicious payloads and bypass defenses. It also mentions campaigns that use these DEKs to distribute malware families such as LokiBot and FormBook.