Flame was a big story at the time it was discovered, although it has quickly faded from the collective memory. At the time there was a lot of speculation as to who had produced the malware: the consensus appeared to be that it was a nation state. Some of the evidence pointed to was the attack that was mounted on certain forms of encryption in order for Flame to operate.
The attack concerned the MD5 message digest algorithm. MD5 has had a chequered history with some early implementations leading to problems for many but the effect of the Flame attack was for many to consider MD5 as effectively cryptographically broken.
I have never seen this done before (using so little data), but a team of researchers have managed to reverse engineer the cryptanalytic attack mounted by Flame. This is of interest not just because it is the first time that a cryptanalytic attack has been reconstructed from a single output example, specifically, a single example half of a collision pair, but it has revealed some interesting features of the capabilities of those who constructed and used Flame. [This work was first presented at ASIACRYPT 2015.]
