{ "id": "2709ea96-984c-4667-a8b6-a7956ec76cf4", "created_at": "2026-04-06T00:22:00.800214Z", "updated_at": "2026-04-10T13:11:52.686483Z", "deleted_at": null, "sha1_hash": "cca99ab1e09d2e92e4d36cf6bb19c8b025d0d064", "title": "SwiftSlicer (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 38708, "plain_text": "SwiftSlicer (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 18:40:54 UTC\r\nwin.swiftslicer (Back to overview)\r\nSwiftSlicer\r\naka: JaguarBlade\r\nActor(s): Sandworm\r\nAccording to ESET, this is a wiper written in Go, that was deployed against an Ukrainian organization on January\r\n25th 2023 through Group Policy, which suggests that the attackers had taken control of the victim’s Active\r\nDirectory environment.\r\nReferences\r\n2023-03-15 ⋅ Microsoft ⋅ Microsoft Threat Intelligence\r\nA year of Russian hybrid warfare in Ukraine\r\nCaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer\r\nWhisperGate\r\n2023-01-27 ⋅ ESET Research ⋅ ESET Research\r\nSwiftSlicer: New destructive wiper malware strikes Ukraine\r\nSwiftSlicer\r\n2023-01-27 ⋅ ESET Research ⋅ ESET Research\r\nTweets on SwiftSlicer\r\nSwiftSlicer\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.swiftslicer\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.swiftslicer\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.swiftslicer" ], "report_names": [ "win.swiftslicer" ], "threat_actors": [ { "id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df", "created_at": "2023-01-06T13:46:38.402513Z", "updated_at": "2026-04-10T02:00:02.959797Z", "deleted_at": null, "main_name": "Sandworm", "aliases": [ "IRIDIUM", "Blue Echidna", "VOODOO BEAR", "FROZENBARENTS", "UAC-0113", "Seashell Blizzard", "UAC-0082", "APT44", "Quedagh", "TEMP.Noble", "IRON VIKING", "G0034", "ELECTRUM", "TeleBots" ], "source_name": "MISPGALAXY:Sandworm", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "7bd810cb-d674-4763-86eb-2cc182d24ea0", "created_at": "2022-10-25T16:07:24.1537Z", "updated_at": "2026-04-10T02:00:04.883793Z", "deleted_at": null, "main_name": "Sandworm Team", "aliases": [ "APT 44", "ATK 14", "BE2", "Blue Echidna", "CTG-7263", "FROZENBARENTS", "G0034", "Grey Tornado", "IRIDIUM", "Iron Viking", "Quedagh", "Razing Ursa", "Sandworm", "Sandworm Team", "Seashell Blizzard", "TEMP.Noble", "UAC-0082", "UAC-0113", "UAC-0125", "UAC-0133", "Voodoo Bear" ], "source_name": "ETDA:Sandworm Team", "tools": [ "AWFULSHRED", "ArguePatch", "BIASBOAT", "Black Energy", "BlackEnergy", "CaddyWiper", "Colibri Loader", "Cyclops Blink", "CyclopsBlink", "DCRat", "DarkCrystal RAT", "Fobushell", "GOSSIPFLOW", "Gcat", "IcyWell", "Industroyer2", "JaguarBlade", "JuicyPotato", "Kapeka", "KillDisk.NCX", "LOADGRIP", "LOLBAS", "LOLBins", "Living off the Land", "ORCSHRED", "P.A.S.", "PassKillDisk", "Pitvotnacci", "PsList", "QUEUESEED", "RansomBoggs", "RottenPotato", "SOLOSHRED", "SwiftSlicer", "VPNFilter", "Warzone", "Warzone RAT", "Weevly" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434920, "ts_updated_at": 1775826712, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/cca99ab1e09d2e92e4d36cf6bb19c8b025d0d064.pdf", "text": "https://archive.orkl.eu/cca99ab1e09d2e92e4d36cf6bb19c8b025d0d064.txt", "img": "https://archive.orkl.eu/cca99ab1e09d2e92e4d36cf6bb19c8b025d0d064.jpg" } }