Vextrio

Threat Actor. Record last updated: 2024-11-29T14:47:04.372Z
Vextrio is a major traffic broker for cybercriminals, identified as such in Check Point Research's January 2024 Most Wanted Malware report. The group operates Vextrio Viper, a Traffic Distribution System (TDS) network established in 2020 that links compromised domains to an affiliate network of more than 65 partners. These partners redirect users to phishing, malware and scam sites, and the arrangement illustrates how extensive cybercrime ecosystems have grown up around HTTP-based TDS networks. The Vextrio network comprises approximately 70,000 hijacked websites used to distribute malware and conduct fraud.

Infoblox, a cybersecurity firm, noted that other operations such as SocGholish and ClearFake run their own TDS networks yet also maintain strategic partnerships with Vextrio, effectively handing victims over to its TDS. Vextrio also registers large quantities of domains daily using a dictionary-based domain-generation algorithm, giving it a constantly changing supply of domains for hosting malicious content. Over its years of operation, Vextrio has taken over multiple legitimate domains, including a hospital website in Colombia and various WordPress sites with known vulnerabilities, and used them to reroute visitor traffic. According to an Infoblox report, Vextrio maintains multiple traffic distribution systems used by more than 60 affiliates, a measure of the group's influence and reach within the cybercrime community. This network and its ongoing activity make Vextrio a central operator in the cybercrime ecosystem.
Description last updated: 2024-11-15T16:16:17.263Z
Aliases: none currently tracked
Miscellaneous Associations: Cybercrime, Malware
Associated Malware
SocGholish (malware). Association type: Unspecified. Votes: 2.
The SocGholish malware is associated with Vextrio. SocGholish is malicious software that has been highly prevalent in cyber threats over recent years. In 2022 it was observed being used together with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors of compromised websites. By late 2022, Microsof…

ClearFake (malware). Association type: Unspecified. Votes: 2.
The ClearFake malware is associated with Vextrio. ClearFake is malicious software that has been identified as a significant cybersecurity threat. Its primary method of propagation is fake browser updates that encourage users to copy and execute harmful PowerShell commands. This deceptive approach enables cybercriminals to in…