Elastic Security Labs is providing an update to the REF2924 research published in December of 2022. This update includes malware analysis of the implants, additional findings, and associations with other intrusions.

Python script to extract the configuration from NETWIRE samples.

Elastic Security Labs discusses the NETWIRE trojan and is releasing a tool to dynamically extract configuration files.