Return to Infoblox Homepage
English Español Deutsch
RESOURCES

Infoblox Threat Intel

Vextrio Viper

Vextrio Viper is a persistent actor operating a large criminal enterprise that uses a trifecta of traffic distribution systems (TDSs), lookalike domains and registered domain generation algorithms (RDGAs) to deliver malware, scams, and illegal content. Vextrio Viper is very adept at DNS. Their skills have enabled them to create and operate the largest known cybercriminal affiliate program with which they broker traffic for scores of other criminals. VexTrio Viper and their affiliates target users globally through many attack vectors. This is the single most pervasive threat actor that Infoblox has observed in customer networks. Vextrio Viper was formerly known as VexTrio.

  • Operating since: At least 2017
  • Infoblox discovered: February 2022
  • Infoblox published: June 2022, October 2023, January 2024
  • Prevalence: Very common

Threat actor resources

Media Article

TechRepublic
February 9, 2024

IT Pros Missing Mega-Threat From Organised Cyber Criminals

Cyber security threat actor VexTrio is flying under the radar for most APAC region cyber security professionals because it is a web traffic distribution middle man rather than an endpoint source of malware.

Read more
Media Article

TechRepublic
February 9, 2024

Infoblox says IT Pros Are Missing This Mega-Threat From Organised Global Cyber Criminals

High volumes of malware and other malicious content are being delivered to networks in APAC, Australia, New Zealand and across the globe as a result of a set of large-scale malicious cybercriminal partnerships led by the largely secret yet insidious threat actor, VexTrio.

Read more
Webinar

Dr. Renée Burton
February 7, 2024

Traffic Distribution Systems at the Heart of Cybercrime

In mainstream media, cybercriminals are often portrayed as exotic figures that employ dark arts of computer programming to disrupt social order.

WATCH NOW
Blog

Infoblox Threat Intel
January 23, 2024

Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program

DNS threat actor VexTrio runs a large-scale criminal affiliate program including ClearFake and SocGholish actors.

Read more
Media Article

Dark Reading
January 23, 2024

VexTrio' TDS: The Biggest Cybercrime Operation on the Web?

The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally.

Read more
Blog

Infoblox Threat Intel
August 24, 2023

VexTrio Deploys DNS-based TDS Server

In early 2022, Infoblox detected a widespread attack involving compromised WordPress websites that conditionally redirect visitors to intermediary command and control (C2) and dictionary domain generation algorithm (DDGA) domains.

Read more
Blog

Infoblox Threat Intel
June 6, 2022

VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

The VexTrio DDGA is being used by malicious actors who take advantage of cheap, private domain registrations to create complex attack infrastructure that remain undetected for a long time.

Read more
Blog

Infoblox Threat Intel
June 6, 2022

Executive Summary: VexTrio DDGA Domains Spread Adware, Spyware, and Scam Web Forms

Since February 2022, Infoblox’s Threat Intelligence Group has tracked malicious campaigns using dictionary domain generation algorithm (DDGA) domains to distribute scams and unwanted content.

Read more
Back To Top