Unidentified JS 006 (Winter Wyvern) (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

js.unidentified_006 (Back to overview)

Unidentified JS 006 (Winter Wyvern)

Actor(s): Winter Vivern

A script able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server by making HTTP requests.

References

2024-02-17 ⋅ Recorded Future ⋅ Insikt Group
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Unidentified JS 006 (Winter Wyvern)

2023-10-25 ⋅ ESET Research ⋅ Matthieu Faou
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
Unidentified JS 006 (Winter Wyvern) Winter Vivern

There is no Yara-Signature yet.

Unidentified JS 006 (Winter Wyvern) Propose Change

References

Unidentified JS 006 (Winter Wyvern)