INTRODUCTION
Much has been written about the Sony hack. However, hard data has not been as plentiful. In an attempt to
provide additional insight, we detail some facts about the malware reportedly used in the attack, and attempt to
draw lines to other malware and incidents, beyond mere speculation.
In order to expand the case, we will look at a variety of evidence. In most cases, we will not settle for one single
factor as the basis for assessments, but instead correlate information of different kinds. Factors that we will include
are, for example:
• Obfuscation methods
• Code structure
• Text strings, such as encryption keys
• Known localization
• Digital code signing certificates
Details about the different indicators are included in the appendixes.
Acknowledgements<br />
A big thank you goes out to all who helped with this paper – notably Waylon Grange, always an invaluable source of<br />
insight and information, and the good folks over at Farsight Security who graciously provided passive DNS data.