← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
VexTrio DDGA Domains Observed Spreading Adware, Spyware, and Scam Web Forms
WHITE VexTrio AlienVault 2024-01-24 Modified: 2024-02-23
105
IOCs
HIGH VOLUME
Since February 2022, Infoblox’s Threat Intelligence Group has been tracking malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to run scams and spread riskware, spyware, adware, potentially unwanted programs, and pornographic content. This attack is widespread and impacts targets across many industries. From 1 to 12 May 2022, we detected more than 770,000 DNS queries to these domains, in approximately 50% of our cloud customer networks, across 24 industries. Based on the age of the domains, we judge that the threat actors have been conducting these campaigns for at least 13 months. For reporting and tracking purposes, we call this DDGA family and activity VexTrio.
VexTrio DDGAJavaScriptWordPresscURLDDGA domains
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (105)
All domain hostname
TYPEINDICATORDESCRIPTIONCREATED
domain appleangertree.xyz 2024-01-24
domain afraidordersky.xyz 2024-01-24
domain alwaysmenfair.xyz 2024-01-24
domain amdangeroccur.xyz 2024-01-24
hostname cthjrl.senseagreepaper.xyz 2024-01-24
domain xmas-prize-p5z.live 2024-01-24
domain appletemperatureright.xyz 2024-01-24
domain appearnumeralsubstance.xyz 2024-01-24
domain aboveheldtouch.xyz 2024-01-24
domain arefinalwear.xyz 2024-01-24
domain get-the-prize-ht3.live 2024-01-24
domain prize-of-8win.live 2024-01-24
domain get-the-prize-ht4.live 2024-01-24
domain animalsongcold.xyz 2024-01-24
domain alwaysothermillion.xyz 2024-01-24
domain winner-g8sf.live 2024-01-24
hostname ns1.clevercloudns.com 2024-01-24
domain arrivedeathfind.xyz 2024-01-24
domain allowthoughtpush.xyz 2024-01-24
hostname ns1.plaindnsprovider.com 2024-01-24
domain prize-of-6win.live 2024-01-24
domain prize-of-1win.live 2024-01-24
domain anysetcenter.xyz 2024-01-24
domain angerfeeltouch.xyz 2024-01-24
domain actspokemethod.xyz 2024-01-24
domain agreefacttype.xyz 2024-01-24
domain winner-g3sf.live 2024-01-24
hostname ns1.fastthinkingdns.com 2024-01-24
domain winner-g6sf.live 2024-01-24
hostname ns2.clevercloudns.com 2024-01-24
domain ablearewild.xyz 2024-01-24
hostname ns2.supersonicdns.com 2024-01-24
domain agreespeechfollow.xyz 2024-01-24
domain get-the-prize-ht1.live 2024-01-24
domain xmas-prize-p4z.live 2024-01-24
hostname ns1.supersonicdns.com 2024-01-24
domain agreefactnation.xyz 2024-01-24
domain andfighttotal.xyz 2024-01-24
domain arevowelwire.xyz 2024-01-24
domain xmas-prize-p9z.live 2024-01-24
hostname ns1.famouscloudcaptain.com 2024-01-24
domain askstickamong.xyz 2024-01-24
domain aboutoildesign.xyz 2024-01-24
domain againstmostborn.xyz 2024-01-24
domain allowcertainstone.xyz 2024-01-24
hostname ns1.dnstechnoprovider.com 2024-01-24
hostname ns2.plaindnsprovider.com 2024-01-24
domain xmas-prize-p8z.live 2024-01-24
domain appearweregirl.xyz 2024-01-24
domain prize-of-5win.live 2024-01-24
domain aloneyoungour.xyz 2024-01-24
domain prize-of-3win.live 2024-01-24
domain allowspeednature.xyz 2024-01-24
hostname ns2.famouscloudcaptain.com 2024-01-24
domain winner-g5sf.live 2024-01-24
domain get-the-prize-ht7.live 2024-01-24
domain xmas-prize-p1z.live 2024-01-24
hostname ns2.fastthinkingdns.com 2024-01-24
domain winner-g9sf.live 2024-01-24
domain aloneflybox.xyz 2024-01-24
domain allowdivisionwood.xyz 2024-01-24
domain afraidgrayanswer.xyz 2024-01-24
domain alwaystogetherconsonant.xyz 2024-01-24
domain xmas-prize-p2z.live 2024-01-24
hostname ns1.lopoloda.xyz 2024-01-24
domain xmas-prize-p3z.live 2024-01-24
domain winner-g4sf.live 2024-01-24
domain airpathinch.xyz 2024-01-24
domain get-the-prize-ht9.live 2024-01-24
domain artofanger.xyz 2024-01-24
domain winner-g7sf.live 2024-01-24
domain amongcitylearn.xyz 2024-01-24
domain armdryhappy.xyz 2024-01-24
domain burnihhell.live 2024-01-24
hostname ns2.lopoloda.xyz 2024-01-24
domain appearstraightself.xyz 2024-01-24
domain anroadship.xyz 2024-01-24
domain animallinesection.xyz 2024-01-24
domain genericstorageplace.com 2024-01-24
domain animalcreatemen.xyz 2024-01-24
domain winner-g2sf.live 2024-01-24
domain get-the-prize-ht5.live 2024-01-24
domain get-the-prize-ht2.live 2024-01-24
domain get-the-prize-ht6.live 2024-01-24
domain ageninewear.xyz 2024-01-24
domain prize-of-2win.live 2024-01-24
domain prize-of-7win.live 2024-01-24
domain get-the-prize-ht8.live 2024-01-24
domain prize-of-9win.live 2024-01-24
domain alwaysgraystory.xyz 2024-01-24
domain rockstorageplace.com 2024-01-24
domain againstsongparticular.xyz 2024-01-24
domain aresilenthouse.xyz 2024-01-24
domain armnosecity.xyz 2024-01-24
domain prize-of-4win.live 2024-01-24
domain xmas-prize-p6z.live 2024-01-24
domain xmas-prize-p7z.live 2024-01-24
domain ascurrentonce.xyz 2024-01-24
domain airopengo.xyz 2024-01-24
domain genericrockstorage.com 2024-01-24
domain universalrock-storage.com 2024-01-24
domain artclassmean.xyz 2024-01-24
hostname ns2.dnstechnoprovider.com 2024-01-24
domain amongconditionas.xyz 2024-01-24
domain againstsegmentyellow.xyz 2024-01-24
References (1)
↗ https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/vextrio-ddga-domains-spread-adware-spyware-and-scam-web-forms/