This document discusses various techniques used in malware analysis and attribution, including: 1) Analyzing malware samples and associated metadata to identify patterns in implementation traits, infrastructure, and custom features that can provide clues to the actor. 2) The challenges of attribution given issues like attribution indicators being faked, the influence of individual analysts and compilers, and denials from suspected groups. 3) How soft attribution based on analyzing similarities in malware is less definitive than hard attribution with confirmed links, and how both are interpreted by analysts.