Responder - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Responder. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.responder
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Responder:
There are 6 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Responder.
There are 223 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Responder. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-22 | Pathname Traversal | High |
2 | T1055 | CWE-74 | Injection | High |
3 | T1059 | CWE-94 | Cross Site Scripting | High |
4 | ... | ... | ... | ... |
There are 11 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Responder. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence |
---|---|---|---|
1 | File | /login/index.php | High |
2 | File | /vendor/htmlawed/htmlawed/htmLawedTest.php | High |
3 | File | /wp-content/plugins/updraftplus/admin.php | High |
4 | ... | ... | ... |
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!