Symbol: js.unidentified_006

Unidentified JS 006 (Winter Wyvern)

Actor(s): Winter Vivern


A script able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server by making HTTP requests.

References
2024-02-17, Recorded Future, Insikt Group
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Unidentified JS 006 (Winter Wyvern)
2023-10-25, ESET Research, Matthieu Faou
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
Unidentified JS 006 (Winter Wyvern) Winter Vivern

There is no Yara-Signature yet.