Property

cobalt_strike_beacon

| Property Name | Type | Description | Required |
| --- | --- | --- | --- |
| x64 | CobaltStrikeBeaconDetails | | |
| x86 | CobaltStrikeBeaconDetails | | |

CobaltStrikeBeaconDetails

| Property Name | Type | Description | Required |
| --- | --- | --- | --- |
| beacon_type | string | | Yes |
| dns-beacon.strategy_fail_seconds | integer | | |
| dns-beacon.strategy_fail_x | integer | | |
| dns-beacon.strategy_rotate_seconds | integer | | |
| http-get.client | array of string | | Yes |
| http-get.uri | string | | Yes |
| http-get.verb | string | | Yes |
| http-post.client | array of string | | Yes |
| http-post.uri | string | | Yes |
| http-post.verb | string | | Yes |
| jitter | integer | | |
| kill_date | integer | | |
| maxgetsize | integer | | Yes |
| port | integer | | Yes |
| post-ex.spawnto_x64 | string | | Yes |
| post-ex.spawnto_x86 | string | | Yes |
| process-inject.execute | array of string | | |
| process-inject.min_alloc | integer | | |
| process-inject.startrwx | integer | | |
| process-inject.userwx | integer | | |
| proxy.behavior | integer, string | | |
| sleeptime | integer | | Yes |
| stage.cleanup | integer | | |
| useragent_header | string | | Yes |
| watermark | integer | | |


Search Queries

Search Cobalt Strike services:
product:"cobalt strike beacon"

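Example

Note: the sample record below carries keys that the property table does not list (`uses_cookies`, `server.publickey_md5`, `process-inject.stub`), and its `http-get.uri` value holds the host and the path separated by a comma. Parsers and detection rules built on this schema should tolerate unlisted keys and split that field before matching on it.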
{
    "x86": {
        "beacon_type": "HTTPS",
        "http-post.uri": "/submit.php",
        "sleeptime": 60000,
        "useragent_header": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)",
        "http-get.client": [
            "Cookie"
        ],
        "proxy.behavior": "2 (Use IE settings)",
        "maxgetsize": 1048576,
        "process-inject.userwx": 64,
        "process-inject.execute": [
            "CreateThread",
            "SetThreadContext",
            "CreateRemoteThread",
            "RtlCreateUserThread"
        ],
        "process-inject.startrwx": 64,
        "port": 443,
        "uses_cookies": 1,
        "server.publickey_md5": "0ce7b6482c1f24e42f2935f5026d338d",
        "post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
        "http-get.verb": "GET",
        "watermark": 1359593325,
        "post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
        "process-inject.stub": "0ce2f55444e4793516b5afe967be9255",
        "http-get.uri": "89.44.9.197,/visit.js",
        "http-post.client": [
            "Content-Type: application/octet-stream",
            "id"
        ],
        "http-post.verb": "POST"
    },
    "x64": {
        "beacon_type": "HTTPS",
        "http-post.uri": "/submit.php",
        "sleeptime": 60000,
        "useragent_header": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)",
        "http-get.client": [
            "Cookie"
        ],
        "proxy.behavior": "2 (Use IE settings)",
        "maxgetsize": 1048576,
        "process-inject.userwx": 64,
        "process-inject.execute": [
            "CreateThread",
            "SetThreadContext",
            "CreateRemoteThread",
            "RtlCreateUserThread"
        ],
        "process-inject.startrwx": 64,
        "port": 443,
        "uses_cookies": 1,
        "server.publickey_md5": "0ce7b6482c1f24e42f2935f5026d338d",
        "post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
        "http-get.verb": "GET",
        "watermark": 1359593325,
        "post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
        "process-inject.stub": "0ce2f55444e4793516b5afe967be9255",
        "http-get.uri": "89.44.9.197,/__utm.gif",
        "http-post.client": [
            "Content-Type: application/octet-stream",
            "id"
        ],
        "http-post.verb": "POST"
    }
}