Back to overview

Threat intelligence

Infostealer Trojan hides in Covid-19 related email attachments

by Security News

Infostealer Trojan hides in Covid-19 related email attachments.Attackers are taking advantage of COVID-19 fear and spreading malware through COVID-19 informational emails attachments.As many states are still under shelter-at-home orders,people usually try to read any information regarding new guidelines from medical authorities.
This particular trojan is delivered through an email posing to have come from CDC(CENTER FOR DISEASE CONTROL)

Infection cycle :

The malicious attachment is 32 bit PE file. Upon execution it sets itself to gather information from the affected system.

It creates file and process dllhost.exe

It collects system information

  • Tries to read sensitive data of:  Mozilla Firefox, Google Chrome, QtWeb Internet Browser, Internet Explorer / Edge.
  • Reads installed programs by enumerating the SOFTWARE registry key.
  • Trying to read sensitive data of web browsers like Firefox, Google Chrome, Internet Explorer

 

Following are some of the files it tried to access:

C:\Program Files (x86)\Automize7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize7\encPwd.jsd
C:\Program Files (x86)\Automize8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize8\encPwd.jsd
C:\Program Files (x86)\Automize9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize9\encPwd.jsd
C:\Program Files (x86)\DeluxeFTP\sites.xml
C:\Program Files (x86)\EasyFTP\data
C:\Program Files (x86)\FTP Now\sites.xml
C:\Program Files (x86)\FTPGetter\Profile\servers.xml
C:\Program Files (x86)\FTPShell\ftpshell.fsi
C:\Program Files (x86)\Fastream NETFile\My FTP Links
C:\Program Files (x86)\FileZilla\Filezilla.xml
C:\Program Files (x86)\Foxmail\mail
C:\Program Files (x86)\FreshWebmaster\FreshFTP\FtpSites.SMF
C:\Program Files (x86)\GoFTP\settings\Connections.txt
C:\Program Files (x86)\JaSFtp10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp10\encPwd.jsd
C:\Program Files (x86)\JaSFtp11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp11\encPwd.jsd
C:\Program Files (x86)\JaSFtp12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp12\encPwd.jsd
C:\Program Files (x86)\JaSFtp13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp13\encPwd.jsd
C:\Program Files (x86)\JaSFtp14\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp14\encPwd.jsd
C:\Program Files (x86)\oZone3D\MyFTP\myftp.ini
C:\Program Files\NETGATE\Black Hawk
C:\ProgramData\NetDrive2\drives.dat
C:\ProgramData\Syncovery
C:\Softwarenetz\Mailing\Daten\mailing.vdt
C:\Users\IEUser\.config\fullsync\profiles.xml
C:\Users\IEUser\AppData\Local360Browser\Browser\Default\Login Data
C:\Users\IEUser\AppData\Local360Browser\Browser\Login Data
C:\Users\IEUser\AppData\LocalCatalinaGroup\Citrio\Default\Login Data
C:\Users\IEUser\AppData\LocalCatalinaGroup\Citrio\Login Data
C:\Users\IEUser\AppData\LocalChromium\Default\Login Data
C:\Users\IEUser\AppData\LocalChromium\Login Data
C:\Users\IEUser\AppData\LocalCocCoc\Browser\Default\Login Data
C:\Users\IEUser\AppData\LocalCocCoc\Browser\Login Data
C:\Users\IEUser\AppData\LocalComodo\Chromodo\Default\Login Data
C:\Users\IEUser\AppData\LocalComodo\Chromodo\Login Data
C:\Users\IEUser\AppData\LocalComodo\Dragon\Default\Login Data
C:\Users\IEUser\AppData\LocalComodo\Dragon\Login Data
C:\Users\IEUser\AppData\LocalCoowon\Coowon\Default\Login Data
C:\Users\IEUser\AppData\LocalCoowon\Coowon\Login Data
C:\Users\IEUser\AppData\LocalEpic Privacy Browser\Default\Login Data
C:\Users\IEUser\AppData\LocalEpic Privacy Browser\Login Data
C:\Users\IEUser\AppData\LocalGoogle\Chrome SxS\Default\Login Data
C:\Users\IEUser\AppData\LocalGoogle\Chrome SxS\Login Data
C:\Users\IEUser\AppData\LocalGoogle\Chrome\Default\Login Data
C:\Users\IEUser\AppData\LocalGoogle\Chrome\Login Data
C:\Users\IEUser\AppData\LocalIridium\Default\Login Data
C:\Users\IEUser\AppData\LocalIridium\Login Data
C:\Users\IEUser\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
C:\Users\IEUser\AppData\LocalMapleStudio\ChromePlus\Login Data
C:\Users\IEUser\AppData\LocalMustang Browser\Default\Login Data
C:\Users\IEUser\AppData\LocalMustang Browser\Login Data
C:\Users\IEUser\AppData\LocalNichrome\Default\Login Data
C:\Users\IEUser\AppData\LocalNichrome\Login Data
C:\Users\IEUser\AppData\LocalOrbitum\Default\Login Data
C:\Users\IEUser\AppData\LocalOrbitum\Login Data
C:\Users\IEUser\AppData\LocalRockMelt\Default\Login Data
C:\Users\IEUser\AppData\LocalRockMelt\Login Data
C:\Users\IEUser\AppData\LocalSpark\Default\Login Data
C:\Users\IEUser\AppData\LocalSpark\Login Data
C:\Users\IEUser\AppData\LocalSuperbird\Default\Login Data
C:\Users\IEUser\AppData\LocalSuperbird\Login Data
C:\Users\IEUser\AppData\LocalTitan Browser\Default\Login Data
C:\Users\IEUser\AppData\LocalTitan Browser\Login Data
C:\Users\IEUser\AppData\LocalTorch\Default\Login Data
C:\Users\IEUser\AppData\LocalTorch\Login Data
C:\Users\IEUser\AppData\LocalVivaldi\Default\Login Data
C:\Users\IEUser\AppData\LocalVivaldi\Login Data
C:\Users\IEUser\AppData\LocalYandex\YandexBrowser\Default\Login Data
C:\Users\IEUser\AppData\LocalYandex\YandexBrowser\Login Data
C:\Users\IEUser\AppData\Local\360Browser\Browser\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\360Browser\Browser\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Chromium\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Chromium\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\CocCoc\Browser\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Comodo\Chromodo\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Comodo\Chromodo\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Comodo\Dragon\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Coowon\Coowon\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Coowon\Coowon\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Epic Privacy Browser\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Epic Privacy Browser\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Google\Chrome SxS\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\INSoftware\NovaFTP\NovaFTP.db
C:\Users\IEUser\AppData\Local\Iridium\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Iridium\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Mustang Browser\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Mustang Browser\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Nichrome\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Nichrome\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Orbitum\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Orbitum\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\PokerStars*
C:\Users\IEUser\AppData\Local\QupZilla\profiles\default\browsedata.db
C:\Users\IEUser\AppData\Local\RockMelt\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\RockMelt\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Spark\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Spark\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Superbird\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Superbird\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Titan Browser\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Titan Browser\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Torch\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Torch\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Vivaldi\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Vivaldi\User Data\Default\Web Data
C:\Users\IEUser\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
C:\Users\IEUser\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
C:\Users\IEUser\AppData\Roaming\.purple\accounts.xml
C:\Users\IEUser\AppData\Roaming\BitKinex\bitkinex.ds
C:\Users\IEUser\AppData\Roaming\BlazeFtp\site.dat
C:\Users\IEUser\AppData\Roaming\Conceptworld\Notezilla\Notes8.db
C:\Users\IEUser\AppData\Roaming\Cyberduck
C:\Users\IEUser\AppData\Roaming\DeskSoft\CheckMail
C:\Users\IEUser\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
C:\Users\IEUser\AppData\Roaming\FTP Now\sites.xml
C:\Users\IEUser\AppData\Roaming\FTPBox\profiles.conf
C:\Users\IEUser\AppData\Roaming\FTPGetter\servers.xml
C:\Users\IEUser\AppData\Roaming\FTPInfo\ServerList.cfg
C:\Users\IEUser\AppData\Roaming\FTPInfo\ServerList.xml
C:\Users\IEUser\AppData\Roaming\Far Manager\Profile\PluginsData\42E4AEB1-A230-44F4-B33C-F195BB654931.db
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Login Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\User Data\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\User Data\Default\Web Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\Login Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\User Data\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\User Data\Default\Web Data
C:\Users\IEUser\AppData\Roaming\FileZilla\filezilla.xml
C:\Users\IEUser\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\IEUser\AppData\Roaming\FileZilla\sitemanager.xml
C:\Users\IEUser\AppData\Roaming\GmailNotifierPro\ConfigData.xml
C:\Users\IEUser\AppData\Roaming\Ipswitch
C:\Users\IEUser\AppData\Roaming\Microsoft\Sticky Notes\StickyNotes.snt
C:\Users\IEUser\AppData\Roaming\NetDrive2\drives.dat
C:\Users\IEUser\AppData\Roaming\NetDrive\NDSites.ini
C:\Users\IEUser\AppData\Roaming\NetSarang\Xftp\Sessions
C:\Users\IEUser\AppData\Roaming\NexusFile\ftpsite.ini
C:\Users\IEUser\AppData\Roaming\NoteFly\notes
C:\Users\IEUser\AppData\Roaming\Notepad++\plugins\config\NppFTP\NppFTP.xml
C:\Users\IEUser\AppData\Roaming\Opera
C:\Users\IEUser\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
C:\Users\IEUser\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Web Data
C:\Users\IEUser\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Opera\Opera Next\data\Login Data
C:\Users\IEUser\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
C:\Users\IEUser\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
C:\Users\IEUser\AppData\Roaming\Pocomail\accounts.ini
C:\Users\IEUser\Documents\*.bscp
C:\Users\IEUser\Documents\*.kdb
C:\Users\IEUser\Documents\*.kdbx
C:\Users\IEUser\Documents\*.spn
C:\Users\IEUser\Documents\*.tlp
C:\Users\IEUser\Documents\*.vnc
C:\Users\IEUser\Documents\*Mailbox.ini
C:\Users\IEUser\Documents\1Password
C:\Users\IEUser\Documents\Enpass
C:\Users\IEUser\Documents\My RoboForm Data
C:\Users\IEUser\Documents\NetSarang\Xftp\Sessions
C:\Users\IEUser\Documents\Pocomail\accounts.ini
C:\Users\IEUser\Documents\SuperPutty
C:\Users\IEUser\Documents\mSecure
C:\Users\IEUser\Documents\yMail2\Accounts.xml
C:\Users\IEUser\Documents\yMail2\POP3.xml
C:\Users\IEUser\Documents\yMail2\SMTP.xml
C:\Users\IEUser\Documents\yMail\ymail.ini
C:\Users\IEUser\site.xml
C:\Windows\32BitFtp.TMP
C:\Windows\32BitFtp.ini
C:\Windows\Prefetch\DLLHOST.EXE-D6B64AC2.pf
C:\Windows\System32
C:\Windows\SysWOW64\dllhost.exe
C:\Windows\apppatch\sysmain.sdb
C:\Windows\SysWOW64\apphelp.dll
C:\Windows\SysWOW64\imm32.dll
C:\Windows\SysWOW64\winmmbase.dll
C:\Windows\SysWOW64\KernelBase.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.765_none_42efd88044e1819c\comctl32.dll
C:\Windows\SysWOW64\uxtheme.dll
C:\Windows\SysWOW64\winmm.dll
C:\Windows\SysWOW64\IPHLPAPI.DLL
C:\Windows\SysWOW64\dwmapi.dll
C:\Windows\SysWOW64\mpr.dll
C:\Windows\SysWOW64\userenv.dll
C:\Windows\SysWOW64\version.dll
C:\Windows\SysWOW64\wininet.dll
C:\Windows\SysWOW64\wsock32.dll
C:\Windows\SysWOW64\ole32.dll
C:\Windows\SysWOW64\oleaut32.dll
C:\Windows\SysWOW64\user32.dll
C:\Windows\SysWOW64\advapi32.dll
C:\Windows\SysWOW64\comdlg32.dll
C:\Windows\SysWOW64\kernel32.dll
C:\Windows\SysWOW64\ntdll.dll
C:\Windows\SysWOW64\ws2_32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\Globalization\Sorting\SortDefault.nls
C:\Windows\SysWOW64\SHCore.dll
C:\Windows\SysWOW64\bcryptprimitives.dll
C:\Windows\SysWOW64\cfgmgr32.dll
C:\Windows\SysWOW64\combase.dll
C:\Windows\SysWOW64\cryptbase.dll
C:\Windows\SysWOW64\fltLib.dll
C:\Windows\SysWOW64\gdi32.dll
C:\Windows\SysWOW64\gdi32full.dll
C:\Windows\SysWOW64\kernel.appcore.dll
C:\Windows\SysWOW64\msctf.dll
C:\Windows\SysWOW64\msvcp_win.dll
C:\Windows\SysWOW64\msvcrt.dll
C:\Windows\SysWOW64\powrprof.dll
C:\Windows\SysWOW64\profapi.dll
C:\Windows\SysWOW64\psapi.dll
C:\Windows\SysWOW64\rpcrt4.dll
C:\Windows\SysWOW64\sechost.dll
C:\Windows\SysWOW64\shell32.dll
C:\Windows\SysWOW64\shlwapi.dll
C:\Windows\SysWOW64\sspicli.dll
C:\Windows\SysWOW64\ucrtbase.dll
C:\Windows\SysWOW64\win32u.dll
C:\Windows\SysWOW64\windows.storage.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.765_none_42efd88044e1819c
C:\Users\IEUser\Desktop
C:\Windows\Prefetch\COVID_PDF.EXE-37D47B96.pf
C:\Windows\SysWOW64\UxTheme.dll.Config
C:\Windows\SysWOW64\rpcss.dll
C:\Windows\System32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64log.dll
C:\Windows\System32\wow64win.dll

Following are some of the regirstry key changes that it tried to make:

HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole\FeatureDevelopmentProperties
HKCU\������О�����������҉�ќ��Й����М�����Й��я��
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe
HKLM\SOFTWARE\Policies\Microsoft\MUI\Settings
HKLM\SOFTWARE\Policies\Microsoft\Windows\Display
HKLM\Software\WOW6432Node\Policies\Microsoft\MUI\Settings
HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Display
HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
HKLM\System\CurrentControlSet\Control\Lsa
HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKLM\System\CurrentControlSet\Control\NLS\Language
HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions
HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap
HKLM\System\CurrentControlSet\Services\afunix\Parameters\Winsock\Mapping
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock\Mapping
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version
HKLM\System\CurrentControlSet\Services\Winsock\Parameters\Transports
HKCR\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A}\InProcServer32\(Default)
HKCR\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD}\InProcServer32\(Default)
HKCU\Control Panel\Desktop\MuiCached
HKCU\Software\AppDataLow
HKCU\Software\Classes\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A}
HKCU\Software\Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\(Default)
HKCU\Software\Classes\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD}
HKCU\Software\Classes\Local Settings\Software\Microsoft\Ole
HKCU\Software\Clients

It then tries to post the sensitive information to attlogistics-vn.com

IoCs

  • 9e26d68332abb02fb2e80a924f83eb8614afe4e8b841f51c9f82fd0c986d4571
  • attlogistics-vn.com

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV : Autoit.Covid.D

This threat is also detected by SonicWALL Capture ATP w/RTDMI and the Capture Client endpoint solutions

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.