I cant believe with so many security companies (including under the noses Avast) and infosec experts knocking about with opinions that they cannot dissect the malware and figure out its capabilities/behavior.
Lets not forget that some folk (morphisec?) out there warned these guys about it over a month ago, so thats plenty of time to crack on and test.
A lot of malware these days uses a cocktail of bespoke and off the shelf components and often dynamic in nature sometimes going through a process of metamorphosis once it gets a foothold that can be different in a targetted manner - a proper forensics teardown would need captures at various stages and machines quarantined early on as well as logs of network traffic, etc.
Not sure if its just lack of imagination or what but there seems to be a lot of resistance as well to proper examination of some recent attacks - wannacry for instance there are still massive holes in the details of its operation including early attack vectors and side loaded components that even the respected security researchers gloss over like they aren't even there and are actually one of the more pertinent aspects of that attack - leaves me astounded that there is so little desire to fully understand it especially after people like IBM's security team, Avast, etc. categorically stated that their bulk monitoring shows very minor levels of spread via the attack vectors that everyone assumes were the way it initially operated - plus if you look at the nature of its spreading compared to any older worm like attacks there are some significant differences which should be raising questions but no one seems to be interested.