Infoblox Threat Intel

Vextrio Viper

Vextrio Viper is a persistent actor operating a large criminal enterprise that uses a trifecta of traffic distribution systems (TDSs), lookalike domains and registered domain generation algorithms (RDGAs) to deliver malware, scams, and illegal content. Vextrio Viper is very adept at DNS. Their skills have enabled them to create and operate the largest known cybercriminal affiliate program with which they broker traffic for scores of other criminals. VexTrio Viper and their affiliates target users globally through many attack vectors. This is the single most pervasive threat actor that Infoblox has observed in customer networks. Vextrio Viper was formerly known as VexTrio.

Operating since: At least 2017
Infoblox discovered: February 2022
Infoblox published: June 2022, October 2023, January 2024
Prevalence: Very common

Threat actor resources

Blog

Infoblox Threat Intel
May 28, 2024

VexTrio Viper Adds a New DNS TDS Domain

Learn how VexTrio Viper adapts to industry reporting and about the role of Infoblox Threat Intel in identifying and responding to these changes. Despite their adaptations, VexTrio Viper is still detectable.

Media Article

TechRepublic
February 9, 2024

IT Pros Missing Mega-Threat From Organised Cyber Criminals

Cyber security threat actor VexTrio is flying under the radar for most APAC region cyber security professionals because it is a web traffic distribution middle man rather than an endpoint source of malware.

Media Article

TechRepublic
February 9, 2024

Infoblox says IT Pros Are Missing This Mega-Threat From Organised Global Cyber Criminals

High volumes of malware and other malicious content are being delivered to networks in APAC, Australia, New Zealand and across the globe as a result of a set of large-scale malicious cybercriminal partnerships led by the largely secret yet insidious threat actor, VexTrio.

Webinar

Dr. Renée Burton
February 7, 2024

Traffic Distribution Systems at the Heart of Cybercrime

In mainstream media, cybercriminals are often portrayed as exotic figures that employ dark arts of computer programming to disrupt social order.

WATCH NOW

Blog

Infoblox Threat Intel
January 23, 2024

Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program

DNS threat actor VexTrio runs a large-scale criminal affiliate program including ClearFake and SocGholish actors.

Media Article

Dark Reading
January 23, 2024

VexTrio' TDS: The Biggest Cybercrime Operation on the Web?

The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally.

Blog

Infoblox Threat Intel
August 24, 2023

VexTrio Deploys DNS-based TDS Server

In early 2022, Infoblox detected a widespread attack involving compromised WordPress websites that conditionally redirect visitors to intermediary command and control (C2) and dictionary domain generation algorithm (DDGA) domains.

Blog

Infoblox Threat Intel
June 6, 2022

VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

The VexTrio DDGA is being used by malicious actors who take advantage of cheap, private domain registrations to create complex attack infrastructure that remain undetected for a long time.

Blog

Infoblox Threat Intel
June 6, 2022

Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

Since February 2022, Infoblox’s Threat Intelligence Group has tracked malicious campaigns using dictionary domain generation algorithm (DDGA) domains to distribute scams and unwanted content.

Infoblox Threat Intel

Vextrio Viper

Threat actor resources

Blog

VexTrio Viper Adds a New DNS TDS Domain

Media Article

IT Pros Missing Mega-Threat From Organised Cyber Criminals

Media Article

Infoblox says IT Pros Are Missing This Mega-Threat From Organised Global Cyber Criminals

Webinar

Traffic Distribution Systems at the Heart of Cybercrime

Blog

Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program

Media Article

VexTrio' TDS: The Biggest Cybercrime Operation on the Web?

Blog

VexTrio Deploys DNS-based TDS Server

Blog

VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

Blog

Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

Products

Solutions

Company

Resources

Get Infoblox Email Updates