Sphinx

Description

(Qihoo 360) Operation Sphinx is a cyber-espionage activity in the Middle East. The main victims are political and military organizations in Egypt, Israel and possibly other countries. Sensitive data theft is what the attackers plotted for during the period from June, 2014 to November, 2015 when the activity was in its prime. We encountered some timestamps of the samples to be as early as December, 2011 which suggests the attack might be started much earlier, though further sound proof is needed. The main approach of Sphinx is watering hole attack on social web sites. Until now, we have obtained 314 pieces of sample malicious codes and 7 C2 domains.

Names

Name	Name-Giver
Sphinx	Qihoo 360
APT-C-15	Qihoo 360

Country

Unknown

Motivation

Information theft and espionage

First Seen

2014

Observed Countries

Egypt
Israel

Tools

AnubisSpy
Havex RAT
njRAT
ROCK

Information

https://docplayer.net/83717233-Sphinx-apt-c-15-targeted-cyber-attack-in-the-middle-east-table-of-contents.html
https://blog.trendmicro.com/trendlabs-security-intelligence/cyberespionage-campaign-sphinx-goes-mobile-anubisspy/

Other Information

Uuid

5430a5f5-1144-4956-8668-7279648ac6cd

Last Card Change

2020-05-21

Threat Intelligence Garden

Explorer

Sphinx

Sphinx

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks