.Pub

Phishing
Double Click
Macros

Contributors:

Adithya - @ravooriadithya

Description:

The PUB file extension denotes the Microsoft Publisher document file format. It is a very popular file format used for different types of publications such as newsletters, flyers, brochures and postcards. The format is also widely used on websites and in emails. PUB files can contain malicious macros that can infect a user's machine.

OS:

Windows
Mac

Recommendation:

Keep trusted locations to an absolute minimum and monitor those that remain. Disable macros via GPO and whitelist only the users who are permitted to run macros. For end users, turn off internet-based macros in MS Publisher. If there is no business need, block .pub at email and web gateways.

Resources:

https://www.trendmicro.com/en_in/research/18/j/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments.html

File Samples:

https://www.virustotal.com/gui/file/38066350f0ad3edfa2ccf534f51ad528b8bac6e8f1a2a5450556a33fdf345109