NetWire and MITRE ChopShop
On August 4, Unit 42, the Palo Alto Networks threat intelligence team, released a tool to decrypt the traffic from a Remote Administration Tool (RAT) named NetWire (part of the NetWiredRC malware family). For details of the encryption protocol used please see our earlier post here.
The previously released protocol decoder and parser was originally built as a stand-alone module. As part of Unit 42’s mission to contribute to the se...