- Distribution Method : Mail attachment (.js)
- MD5 : 813e5200442a33618375cc1739bf3e9a
- Major Detection Name : Trojan.Ransom.Mordor (ALYac), Ransom.HiddenTear!g1 (Norton)
- Encrypted File Pattern : .mordor
- Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Templates\<Random>.exe
- Payment Instruction File : READ_ME.html
- Major Characteristics :
  - Karmen Ransomware series
  - Based on the open-source Hidden-Tear ransomware