Sphynx (cdbebd0a-3036-4a24-b1d5-a3f0ca9c758e)
Sphynx is a variant of BlackCat ransomware (AKA ALPHV or Noberus) first observed in early 2023, which features multiple defense evasion-focused enhancements over the BlackCat strain. For example, Sphynx uses a more complex set of execution parameters, its configuration details are formatted as raw structures instead of JSON, and observed samples contain large amounts of “junk” code and encrypted strings.[X-Force BlackCat May 30 2023] Sphynx also features built-in versions of other tools to support specific functions, including the open-source Impacket tool for lateral movement and Remcom, a hacking tool that facilitates remote code execution.[Microsoft Threat Intelligence Tweet August 17 2023]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Sphynx (cdbebd0a-3036-4a24-b1d5-a3f0ca9c758e) | Tidal Software | BlackCat Ransomware Actors & Affiliates (33159d02-a1ce-49ec-a381-60b069db66f7) | Tidal Groups | 1 |