ioc[.]one - OSINT Cyber Threat Intelligence Database

GitHub - lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Tags

attack-pattern:

Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Launchctl - T1569.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090 Launchctl - T1152

Show in Graph

Common Information

Type	Value
UUID	0b9c0263-e8c8-4156-9e8c-02ae0591d717
Fingerprint	9d90f51bfcc635d3
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 16, 2022, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 11:36 p.m.
Headline	lgandx/Responder
Title	GitHub - lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Detected Hints/Tags/Attributes	50/1/40

Source URLs

	Redirection	Url
Details	Source	https://github.com/lgandx/Responder

URL Provider

Details	Provider	Source level domain
Details	github.com	github.com

Attributes

Details	Type	#Events	Value
Details	Domain	1175	gmail.com
Details	Domain	2	g-laurent.blogspot.com
Details	Domain	2	icmp-redirect.py
Details	Domain	3	dhcp.py
Details	Domain	359	com.apple
Details	Domain	27	responder.py
Details	Domain	7	paypal.me
Details	Domain	17	www.patreon.com
Details	Domain	98	www.secureworks.com
Details	Domain	12	www.synacktiv.com
Details	Domain	12	www.blackhillsinfosec.com
Details	Domain	19	www.trustedsec.com
Details	Domain	1	www.redsiege.com
Details	Domain	1	www.open-sec.com
Details	Domain	35	www.gnu.org
Details	Email	3	laurent.gaffie@gmail.com
Details	File	2	icmp-redirect.py
Details	File	3	dhcp.py
Details	File	3	responder-session.log
Details	File	1	analyzer-session.log
Details	File	2	poisoners-session.log
Details	File	2	kdc.pl
Details	File	3	mdnsresponder.pl
Details	File	2	smbd.pl
Details	File	2	netbiosd.pl
Details	File	25	responder.py
Details	File	13	wpad.dat
Details	IPv4	1	10.0.0.21
Details	IPv4	1	10.0.0.22
Details	IPv6	1	2002:c0a8:f7:1:3ba8:aceb:b1a9:81ed
Details	Url	1	https://g-laurent.blogspot.com
Details	Url	2	https://paypal.me/pythonresponder
Details	Url	1	https://www.patreon.com/pythonresponder
Details	Url	4	https://www.secureworks.com
Details	Url	1	https://www.synacktiv.com
Details	Url	1	http://www.blackhillsinfosec.com
Details	Url	2	https://www.trustedsec.com
Details	Url	1	https://www.redsiege.com
Details	Url	1	http://www.open-sec.com
Details	Url	3	http://www.gnu.org/licenses/.