Adversaries using AdaptixC2 are likely establishing command and control communication through suspicious network traffic patterns associated with known IOCs. SOC teams should proactively hunt for this behavior in Azure Sentinel to identify and mitigate potential compromise from advanced persistent threats leveraging this C2 infrastructure.
IOC Summary
Malware Family: AdaptixC2 Total IOCs: 3 IOC Types: ip:port
| Type | Value | Threat Type | First Seen | Confidence |
|---|---|---|---|---|
| ip:port | 45[.]147[.]28[.]58:42461 | botnet_cc | 2026-06-10 | 75% |
| ip:port | 23[.]95[.]220[.]192:43999 | botnet_cc | 2026-06-10 | 75% |
| ip:port | 107[.]175[.]87[.]234:65321 | botnet_cc | 2026-06-10 | 75% |
// Hunt for network connections to known malicious IPs
// Source: ThreatFox - AdaptixC2
let malicious_ips = dynamic(["45.147.28.58", "107.175.87.234", "23.95.220.192"]);
CommonSecurityLog
| where DestinationIP in (malicious_ips) or SourceIP in (malicious_ips)
| project TimeGenerated, SourceIP, DestinationIP, DestinationPort, DeviceAction, Activity
| order by TimeGenerated desc// Hunt in Defender for Endpoint network events
let malicious_ips = dynamic(["45.147.28.58", "107.175.87.234", "23.95.220.192"]);
DeviceNetworkEvents
| where RemoteIP in (malicious_ips)
| project Timestamp, DeviceName, RemoteIP, RemotePort, InitiatingProcessFileName, ActionType
| order by Timestamp desc| Sentinel Table | Notes |
|---|---|
CommonSecurityLog | Ensure this data connector is enabled |
DeviceNetworkEvents | Ensure this data connector is enabled |
Scenario: Legitimate scheduled job using hunting tool
Description: A system administrator schedules a daily job using the hunting tool to analyze network traffic for security anomalies.
Filter/Exclusion: process.name != "hunting"
Scenario: Admin task using adaptix CLI for network diagnostics
Description: An IT admin uses the adaptix command-line interface to perform network diagnostics and configuration checks.
Filter/Exclusion: process.name != "adaptix"
Scenario: Legitimate use of adaptix_c2 in a test environment
Description: A red team or security team uses the adaptix_c2 tool in a controlled test environment to simulate C2 communication.
Filter/Exclusion: process.parent_process_name != "test_env_launcher"
Scenario: System update or patching using adaptix package
Description: A system update or patching process includes the adaptix package as part of a software update.
Filter/Exclusion: process.name != "apt" OR process.name != "yum"
Scenario: Legitimate monitoring tool using adaptix for log analysis
Description: A security monitoring tool named adaptix is used to analyze system logs for suspicious activity.
Filter/Exclusion: process.name != "adaptix_monitor"