|
|
|
|
|
|
by rlucas
3554 days ago
|
|
|
Most of what I've heard of being used as support for attribution are "fingerprints" left behind on compromised devices. Things like characteristics of how variables were named in interpeted code, how binaries were compiled, specific attack vectors used, etc. I can't recall anyone recently pointing to first-hop originating IPs as being definitive evidence, in this age of cheaply traded botnets. |
|
|