Wiper Malware Threat Analysis

2013-03-21 Secure Works

https://www.secureworks.com/research/wiper-malware-analysis-attacking-korean-financial-sector

Dell SecureWorks analyzed destructive Wiper malware used in the March 20, 2013 attacks that disrupted South Korean broadcasters, banks, and other financial-sector systems. The dropper extracted Windows wiper components, PuTTY SSH/SCP binaries, and a Unix Bash wiper script, then searched stored mRemote or SecureCRT sessions for root SSH credentials to copy and execute the Unix wiper on reachable servers. The Windows wipers overwrote MBR, VBR, logical drives, and files using sample-specific strings such as PRINCPES, HASTATI, and PR!NCPES, with one variant waiting until 14:00 KST on the attack date. The report lists hashes for the dropper, wipers, and dropped tools, notes checks for AhnLab-related artifacts, and emphasizes that the samples lacked C2, backdoor, or data-theft functionality while still causing large-scale destructive impact.

Indicators of Compromise

