VexTrio DDGA Domains Observed Spreading Adware, Spyware, and Scam Web Forms [Wednesday, January 24, 2024]

Report

Description:
Since February 2022, Infoblox’s Threat Intelligence Group has been tracking malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to run scams and spread riskware, spyware, adware, potentially unwanted programs, and pornographic content. This attack is widespread and impacts targets across many industries. From 1 to 12 May 2022, we detected more than 770,000 DNS queries to these domains, in approximately 50% of our cloud customer networks, across 24 industries. Based on the age of the domains, we judge that the threat actors have been conducting these campaigns for at least 13 months. For reporting and tracking purposes, we call this DDGA family and activity VexTrio.

Published: 2024-01-24 17:56:40
Created: 2024-01-24 17:56:40
Modified: 2024-01-24 18:33:46

Indicators

IPv4s:
Domains:
Intrusion set:
  • VexTrio
MITRE ATT&CK Techniques:

External References

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
