APT / THREAT GROUP
BigViktor
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
A DDoS bot abusing CVE-2020-8515 to target DrayTek Vigor routers. It uses a wordlist-based DGA to generate its C&C domains.
Threat Analysis
BigViktor is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
BigViktorelf.bigviktor
External Intelligence
Malpedia: elf.bigviktorResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.