A Tale of PivNoxy and Chinoxy Puppeteer

Recently, a simple and short email with a suspicious RTF attachment that had been sent to a telecommunications agency in South Asia caught the attention of FortiGuard Labs. The email was disguised as having come from a Pakistan government division and delivered the PivNoxy malware.

TARGETED COUNTRIES: Ukraine, Israel, India, Pakistan, Mexico


ATT&CK IDS: T1102 - Web Service, T1068 - Exploitation for Privilege Escalation, T1005 - Data from Local System, T1010 - Application Window Discovery, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1074 - Data Staged, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1140 - Deobfuscate/Decode Files or Information, T1195 - Supply Chain Compromise, T1201 - Password Policy Discovery, T1203 - Exploitation for Client Execution, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow
