Sphynx

Malware Profile Updated 2 months ago
Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV BlackCat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and additional tooling. The malware's evolution has been tracked through previous alerts from April 2022 and December 2023, culminating in this iteration. The Sphynx version of BlackCat ransomware introduced advanced capabilities, such as the ability to encrypt both Windows and Linux devices, as well as VMware instances. The tooling provided a Linux-based operating system (OS) running Sphynx, the latest BlackCat variant. The additional features and improved defense evasion capabilities make this malware a significant threat to cyber infrastructure. In response, the US Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory containing updated Indicators of Compromise (IoCs) associated with the BlackCat Ransomware 2.0 Sphynx version released in February 2023. The group's constant updating of its malware underscores the persistent threat it poses and the need for ongoing vigilance and cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID      Votes  Profile Description
Alphv   5      AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Encryption
Loader
Ransomware P...
Impacket
Windows
Ransom
Encrypt
Lateral Move...
Malware
Linux
Microsoft
Azure
Nist
RaaS
Associated Malware
ID  Type  Votes  Profile Description
No associations to display
Associated Threat Actors
ID         Type         Votes  Profile Description
Black Cat  Unspecified  1      Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware
Associated Vulnerabilities
ID                 Type         Votes  Profile Description
Blackcat Sphynx    Unspecified  1      None
Blackcat’s Sphynx  Unspecified  1      None
Source Document References
Information about the Sphynx Malware was read from the documents corpus below. This display is limited to 20 results.
Source            Created At     Title
CERT-EU           5 months ago   US Government Warns Healthcare is Biggest Target for BlackCat Affiliat
BankInfoSecurity  5 months ago   BlackCat Pounces on Health Sector After Federal Takedown
CERT-EU           5 months ago   CISA, FBI Warn of Continued BlackCat Ransomware Activity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Securityaffairs   5 months ago   FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
CERT-EU           5 months ago   FBI, CISA warns Of ALPHV Blackcat Ransomware Attacking Hospitals | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU           5 months ago   US healthcare alerted against BlackCat amid targeted attacks | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU           5 months ago   CISA, FBI, And HHS Update | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU           7 months ago   US seizes ALPHV/BlackCat darknet website, releases decryption tool
Flashpoint        7 months ago   ALPHV's Downfall? The 2023 Crackdown on BlackCat Ransomware
CISA              7 months ago   #StopRansomware: ALPHV Blackcat | CISA
CERT-EU           8 months ago   U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
Unit42            9 months ago   BlackCat Climbs the Summit With a New Tactic
Trend Micro       9 months ago   How to Prevent Ransomware as a Service (RaaS) Attacks
CERT-EU           a year ago     BlackCat Alphv Ransomware
CERT-EU           10 months ago  LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
CERT-EU           10 months ago  Cyber Security Week in Review: September 22, 2023
CERT-EU           10 months ago  Cyber Security Today, Sept. 23, 2023 – Nova Scotia details MOVEit victims, a new ransomware strain found and more | IT World Canada News
CERT-EU           10 months ago  BlackCat Ransomware Leveraging Remote Monitoring Tools | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU           10 months ago  BlackCat Ransomware Leveraging Remote Monitoring Tools to Encrypt Azure Storage
CERT-EU           10 months ago  BlackCat ransomware hits Azure Storage with Sphynx encryptor