A Tale of PivNoxy and Chinoxy Puppeteer - FortiGuard Labs
The attack chain is similar to that used by the Chinoxy backdoor, which also uses Cannondriver.exe to load a malicious LBTServ.dll to deliver its payload. ... As seen in the timeline, in Q3 of 2021, the threat actor switched their arsenal from PivNoxy to a new variant of Chinoxy, which decrypts and loads shellcode from a file and downloads the next payload.

Malware: PivNoxy, Chinoxy, Poison Ivy
Tags: PivNoxy
[View Article](https://www.fortinet.com/blog/threat-research/pivnoxy-and-chinoxy-puppeteer-analysis)