Infoblox Threat Intel
VexTrio Viper
VexTrio Viper is a persistent actor operating a large criminal enterprise that uses a trifecta of traffic distribution systems (TDSs), lookalike domains, and registered domain generation algorithms (RDGAs) to deliver malware, scams, and illegal content. VexTrio Viper is very adept at using DNS. Their skills have enabled them to create and operate the largest known cybercriminal affiliate program, through which they broker traffic for scores of other criminals. VexTrio Viper and their affiliates target users globally through many attack vectors. This is the single most pervasive threat actor that Infoblox has observed in customer networks. VexTrio Viper was formerly known as VexTrio.
- Operating since: At least 2017
- Infoblox discovered: February 2022
- Infoblox published: June 2022, October 2023, January 2024
- Prevalence: Very common