win.swiftslicer

SwiftSlicer

aka: JaguarBlade

Actor(s): Sandworm


According to ESET, this is a wiper written in Go that was deployed against a Ukrainian organization on January 25th, 2023 through Group Policy, which suggests that the attackers had taken control of the victim’s Active Directory environment.

References
2023-03-15 | Microsoft | Microsoft Threat Intelligence
A year of Russian hybrid warfare in Ukraine
Families: CaddyWiper, DesertBlade, DoubleZero, HermeticWiper, INDUSTROYER2, IsaacWiper, PartyTicket, SwiftSlicer, WhisperGate
@techreport{intelligence:20230315:year:01e29b1,
  author = {Microsoft Threat Intelligence},
  title = {{A year of Russian hybrid warfare in Ukraine}},
  date = {2023-03-15},
  institution = {Microsoft},
  url = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf},
  language = {English},
  urldate = {2023-04-25}
}

2023-01-27 | ESET Research | ESET Research
Tweets on SwiftSlicer
Families: SwiftSlicer
@online{research:20230127:tweets:ac3dd59,
  author = {ESET Research},
  title = {{Tweets on SwiftSlicer}},
  date = {2023-01-27},
  organization = {ESET Research},
  url = {https://twitter.com/ESETresearch/status/1618960022150729728},
  language = {English},
  urldate = {2023-02-03}
}

2023-01-27 | ESET Research | ESET Research
SwiftSlicer: New destructive wiper malware strikes Ukraine
Families: SwiftSlicer
@online{research:20230127:swiftslicer:0877e07,
  author = {ESET Research},
  title = {{SwiftSlicer: New destructive wiper malware strikes Ukraine}},
  date = {2023-01-27},
  organization = {ESET Research},
  url = {https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/},
  language = {English},
  urldate = {2023-02-03}
}

There is no Yara-Signature yet.