Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: File Selection Gaffe SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
File Selection Gaffe

Have you ever sent out the wrong file? I know it has happened to me, attaching the wrong file to an email.

And it happens to malicious actors too.

A reader sent us a malicious email with an attachment: PURCHASE ORDER.mmp

You must be thinking the same as me: what is an .mmp file? Microsoft Project? No, that seems to be .mpp.

Looking at it with a binary editor, it does seem to be some kind op project file:

I searched further for strings that might give me a clue, and found this:

Gammadyne Mailer is email marketing software.

This malicious actor sent out the project file for their mailing campaign!

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

492 Posts
ISC Handler
Oct 18th 2020
:) Nice , Thank You Didier. Great Catch :)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!