Sphynx

Malware updated 5 months ago (2024-05-04T19:19:06.343Z)
Download STIX
Preview STIX
Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV Blackcat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and additional tooling. The malware's evolution has been tracked through previous alerts from April 2022 and December 2023, culminating in this formidable iteration. The Sphynx version of BlackCat ransomware introduced advanced capabilities, such as the ability to encrypt both Windows and Linux devices, and VMWare instances. The tooling provided a Linux-based operating system (OS) running Sphynx, the latest BlackCat variant. The additional features and improved defense evasion capabilities make this malware a significant threat to cyber infrastructure. In response to this threat, the US Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory containing updated Indicators of Compromise (IoCs) associated with the BlackCat Ransomware 2.0 Sphynx version released in February 2023. This constant updating of its malware underscores the persistent threat posed by the BlackCat group and the need for ongoing vigilance and cybersecurity measures.
Description last updated: 2024-05-04T16:28:46.305Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Alphv is a possible alias for Sphynx. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Encryption
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Sphynx Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
8 months ago
BankInfoSecurity
8 months ago
CERT-EU
8 months ago
Securityaffairs
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
10 months ago
Flashpoint
10 months ago
CISA
10 months ago
CERT-EU
a year ago
Unit42
a year ago
Trend Micro
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago