Skip to content
MalwareWiki

Malware

Responder

aka SpiderLabs Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication

Responder, also known as SpiderLabs Responder, is a Python malware family.

Background

Responder poisons LLMNR, NBT-NS and MDNS traffic and ships with rogue HTTP/SMB/MSSQL/FTP/LDAP authentication servers. These rogue servers handle NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Source: Malpedia (Fraunhofer FKIE).