The Sony Pictures hackers likely took months to do their dirty work—snooping around the company’s network and gathering passwords, before distributing wiper malware that took the system out, according to a report from Bloomberg.

The report attributes Trend Micro for those revelations, made after conducting simulations on a copy of the virus responsible for crippling Sony, known as WIPALL or Destover. Trend Micro wouldn’t say where it obtained the copy.

Bloomberg quoted Trend Micro security evangelist Masayoshi Someya as saying, the malware is unique in “that it had a payload with a particular time bomb-type capability.”

The incident exposed sensitive information and led to the release of hundreds of embarrassing and damaging emails between Sony executives as well as the company deciding not to release the film The Interview, which is seen as the catalyst for the attack.