Adversaries using AdaptixC2 are likely establishing command and control channels to exfiltrate data and maintain persistence within the network. SOC teams should proactively hunt for these IOCs in Azure Sentinel to identify and disrupt early-stage compromise attempts by threat actors leveraging this C2 infrastructure.
IOC Summary
Malware Family: AdaptixC2 Total IOCs: 3 IOC Types: ip:port
| Type | Value | Threat Type | First Seen | Confidence |
|---|---|---|---|---|
| ip:port | 88[.]119[.]167[.]142:443 | botnet_cc | 2026-05-25 | 100% |
| ip:port | 88[.]119[.]167[.]142:80 | botnet_cc | 2026-05-25 | 100% |
| ip:port | 88[.]119[.]167[.]142:8080 | botnet_cc | 2026-05-25 | 100% |
// Hunt for network connections to known malicious IPs
// Source: ThreatFox - AdaptixC2
let malicious_ips = dynamic(["88.119.167.142"]);
CommonSecurityLog
| where DestinationIP in (malicious_ips) or SourceIP in (malicious_ips)
| project TimeGenerated, SourceIP, DestinationIP, DestinationPort, DeviceAction, Activity
| order by TimeGenerated desc// Hunt in Defender for Endpoint network events
let malicious_ips = dynamic(["88.119.167.142"]);
DeviceNetworkEvents
| where RemoteIP in (malicious_ips)
| project Timestamp, DeviceName, RemoteIP, RemotePort, InitiatingProcessFileName, ActionType
| order by Timestamp desc| Sentinel Table | Notes |
|---|---|
CommonSecurityLog | Ensure this data connector is enabled |
DeviceNetworkEvents | Ensure this data connector is enabled |
Scenario: Legitimate scheduled job using hunting tool
Description: A system administrator schedules a daily job using the hunting tool to analyze network traffic for security anomalies.
Filter/Exclusion: process.name != "hunting"
Scenario: Admin task using adaptix CLI for configuration management
Description: A system administrator uses the adaptix command-line interface (CLI) to configure network devices or update system settings.
Filter/Exclusion: process.name != "adaptix"
Scenario: Legitimate use of adaptix_c2 in a red team exercise
Description: During a security training exercise, a red team member uses the adaptix_c2 tool to simulate C2 communication for incident response testing.
Filter/Exclusion: process.name != "adaptix_c2" OR process.parent.name == "redteam_tool"
Scenario: System update using adaptix package manager
Description: A package manager like apt or yum installs the adaptix package as part of a system update or patching process.
Filter/Exclusion: process.name != "apt" AND process.name != "yum"
Scenario: Log analysis tool using adaptix for log parsing
Description: A log analysis tool such as adaptix_log_parser is used to process and analyze system logs for compliance or security purposes.
Filter/Exclusion: process.name != "adaptix_log_parser"