Make Troy, Not War - Case Study of the Wiper APT in Korea, and Beyond

Offered By: Black Hat via YouTube

Course Description

Overview

Explore a comprehensive analysis of the Wiper APT (Advanced Persistent Threat) in Korea and its global implications in this Black Hat conference talk. Delve into the intricacies of various wiper components, including the System Wiper, Injector Wiper, and Webher Spreader. Examine the configuration files, complication files, and file sizes associated with this malware. Gain insights into the speaker's investigative methods and profile the characteristics of the Viper spreader. Uncover the connections between Operation Troy, Operation Flame, and other related cyber campaigns. Analyze communication methods, payload similarities, and version numbers across different attacks. Investigate the 2013 mission, encryption techniques, and the targeting of sensitive documents. Understand the core functions and naming conventions of these operations, providing a thorough overview of this significant cyber threat landscape.

Syllabus

Introduction
Agenda
Impact
Check Filmmaking Object
System Wiper
Injector Wiper
Webher Spreader
Configuration File
Complication Files
File Size
How I do it
Did it
Profile
Viper
Viper spreader
Content
Questions
Characteristics
Operation Troy
Communication
PDP
Global Resource Share
HTTP Comments
Similar payload
Version number
Version number 21
Mission 2013
Encryption
Operation Flame
Operation Flame 20
Army Class C
Sensitive Documents
PDB Files
Core Functions
Operation Name
Business Card


Taught by

Black Hat
