PUNCHBUGGY

PunchBuggy is a highly sophisticated malware that was observed by Morphisec Labs between March and May 2019. It is a backdoor malware that targets machines within the network of a customer in the hotel-entertainment industry. The malware is spread through Microsoft Word documents with embedded macros that, when enabled, downloads and executes the malicious downloader known as PUNCHBUGGY. PUNCHBUGGY is a dynamic-link library (DLL) downloader that exists in both 32-bit and 64-bit versions. It can obtain additional code over HTTPS, making it difficult to detect and stop. This downloader is used by a group that also employs similar infrastructure and tactics, techniques, and procedures (TTPs). Additionally, this group is the only one observed so far that uses both PUNCHBUGGY and POS malware PUNCHTRACK. To mitigate this activity, FireEye products and services identify it as Exploit.doc.MVX, Malware.Binary.Doc, PUNCHBUGGY, Malware.Binary.exe, and PUNCHTRACK. It is crucial to be vigilant in opening suspicious emails or downloading unknown files to prevent the spread of this type of malware.