Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: SANS Internet Storm Center SANS Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

File Selection Gaffe

Published: 2020-10-18
Last Updated: 2020-10-18 19:43:52 UTC
by Didier Stevens (Version: 1)
1 comment(s)

Have you ever sent out the wrong file? I know it has happened to me, attaching the wrong file to an email.

And it happens to malicious actors too.

A reader sent us a malicious email with an attachment: PURCHASE ORDER.mmp

You must be thinking the same as me: what is an .mmp file? Microsoft Project? No, that seems to be .mpp.

Looking at it with a binary editor, it does seem to be some kind op project file:

I searched further for strings that might give me a clue, and found this:

Gammadyne Mailer is email marketing software.

This malicious actor sent out the project file for their mailing campaign!

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords:
1 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

CVE-2020-5135 - Buffer Overflow in SonicWall VPNs - Patch Now
Oct 17th 2020
1 day ago by Rick (0 comments)

Traffic Analysis Quiz: Ugly-Wolf.net
Oct 16th 2020
3 days ago by Brad (0 comments)

CVE-2020-16898: Windows ICMPv6 Router Advertisement RRDNS Option Remote Code Execution Vulnerability
Oct 15th 2020
3 days ago by Johannes (0 comments)

Nicely Obfuscated Python RAT
Oct 15th 2020
4 days ago by Xme (0 comments)

More TA551 (Shathak) Word docs push IcedID (Bokbot)
Oct 14th 2020
5 days ago by Brad (0 comments)

Microsoft October 2020 Patch Tuesday
Oct 13th 2020
5 days ago by Renato (0 comments)

Nested .MSGs: Turtles All The Way Down
Oct 12th 2020
6 days ago by DidierStevens (0 comments)

View All Diaries →

Latest Discussions

Gmail hacked vis MS Outlook / request.zip virus/malware
created Oct 13th 2020
5 days ago by Anonymous (2 replies)

Why is the entire community so... I don't know the words...
created Sep 8th 2020
1 month ago by Everseeker (0 replies)

I can not find the Bluetooth channel!
created Aug 31st 2020
1 month ago by Martin (0 replies)

Fellow Cyber Security Pro's, where do you get your regular feeds of information?
created Aug 11th 2020
2 months ago by Anonymous (0 replies)

Most important information security training and certifications
created Aug 10th 2020
2 months ago by Anonymous (0 replies)

View All Forums →

Latest News

Top Diaries

An infection from Rig exploit kit
Jun 17th 2019
1 year ago by Brad (0 comments)

Open Packaging Conventions
Oct 10th 2020
1 week ago by DidierStevens (0 comments)

Traffic Analysis Quiz: Ugly-Wolf.net
Oct 16th 2020
3 days ago by Brad (0 comments)

What's in Your Clipboard? Pillaging and Protecting the Clipboard
Sep 11th 2020
1 month ago by Rob VandenBrink (0 comments)

Today, Nobody is Going to Attack You.
Oct 7th 2020
1 week ago by Johannes (0 comments)

send lots of email to money@stifortunes.com