Infoblox Threat Intel

Vault Viper

Vault Viper is a uniquely dangerous threat actor blending criminal infrastructure with advanced cyber capabilities. It distributes a custom browser disguised as privacy software, which covertly installs surveillance tools, alters DNS settings and connects to command-and-control (C2) servers.

With millions of installs and ties to transnational organized crime—including money laundering, fraud and human trafficking—Vault Viper weaponizes online gambling platforms to harvest user data, evade detection and monetize victims at scale.

Its vast DNS footprint and malware-like behavior make it a rare convergence of cybercrime and real-world criminal enterprise.

Vault Viper

Operating since: April 2005
Infoblox discovered: March 2025
Infoblox published: October 2025
Prevalence: Uncommon

Threat actor resources

Blog

Infoblox Threat Intel
October 23, 2025

Vault Viper: High Stakes, Hidden Threats

Vault Viper is a threat actor leveraging DNS infrastructure and a custom browser for illegal gambling, and organized crime across Southeast Asia.

Read blog

Blog

Infoblox Threat Intel
September 30, 2025

Detour Dog: DNS Malware Powers Strela Stealer Campaigns

Learn about Detour Dog, a malicious adtech ecosystem that uses DNS TXT records to instruct infected websites to redirect visitors or fetch remote content.

Read blog

Infoblox Threat Intel

Vault Viper

Threat actor resources

Blog

Vault Viper: High Stakes, Hidden Threats

Blog

Detour Dog: DNS Malware Powers Strela Stealer Campaigns

Products

Solutions

Company

Resources

Get Infoblox Email Updates