TF-1815658 high

📛 Threat Title

Cobalt Strike: ip:port combination that is used for botnet Command&control (C&C) 59.173.55.109:443

Category: Cobalt Strike Published: Source updated: First seen: Last updated: Source: ThreatFox IOCs

Description

Indicator that identifies a botnet command&control server (C&C). IOC type: ip:port combination that is used for botnet Command&control (C&C). Attributed malware: Cobalt Strike (aliases: Agentemis,BEACON,CobaltStrike,cobeacon). Confidence: 100. Observed port: 443. First seen: 2026-05-17 16:01:31 UTC. Reporter: Erebu. Tags: apt41-barium, Cobalt-Strike, erebus-wraith.

Remediations (5)

  • web:attack.mitre.org

  • web:download.cobaltstrike.com

  • web:www.akamai.com

  • web:www.giantbomb.com

    Counter-Strike Counter-Terrorists in Counter-Strike 1.6 and Counter-Strike: Source are the opposing force of terrorists, counter-terrorists goals are to eliminate the terrorists and/or defuse a bomb (C4) which is planted in one of two bombsites, named Site A and Site B, maps which contain the bomb plant/defuse scenario are named accordingly, beginning with the suffix de_, examples of such maps ...

  • web:www.moddb.com

    Games and mods development for Windows, Linux and Mac - ModDB

Indicators of Compromise (1)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

ipv4 59.173.55.109

IOC database

Type: ipv4
Value: 59.173.55.109
First seen
Last seen
Attached to this threat
Appears in: 1 threat
Description: ip:port combination that is used for botnet Command&control (C&C) attributed to Cobalt Strike

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

References (2)

  • Malpedia profile ThreatFox IOCs
  • ThreatFox IOC page ThreatFox IOCs
