Infoblox Threat Intel

Detour Dog

Detour Dog is a persistent threat actor that controls an ecosystem of compromised websites. Their techniques include using DNS TXT records to instruct infected websites to redirect visitors or fetch remote content. This enables Detour Dog to distribute scams and malware as an affiliate with other actors.

Detour Dog has been an affiliate of Help TDS, Monetizer, Los Pollos, and others. Detour Dog distributed the StarFish backdoor and Strela Stealer for Hive0145.

Operating since: 2020
Infoblox discovered: 2023
Infoblox published: 2025
Prevalence: Uncommon

Threat actor resources

Blog

Infoblox Threat Intel
January 14, 2025

One Mikro Typo: How a Simple DNS Misconfiguration Enables Malware Delivery by a Russian Botnet

Learn how we discovered a botnet delivering malware via spam campaigns using spoofed sender domains. It takes advantage of misconfigured DNS records to bypass email protection techniques.

Infoblox Threat Intel

Detour Dog

Threat actor resources

Blog

One Mikro Typo: How a Simple DNS Misconfiguration Enables Malware Delivery by a Russian Botnet

Products

Solutions

Company

Resources

Get Infoblox Email Updates