The hunt hypothesis detects potential AdaptixC2 command and control activity through identified IOCs, indicating possible compromise of endpoints. SOC teams should proactively hunt for this behavior in Azure Sentinel to identify and mitigate advanced persistent threats before they escalate.
IOC Summary

- Malware Family: AdaptixC2
- Total IOCs: 2
- IOC Types: ip:port
| Type | Value | Threat Type | First Seen | Confidence |
|---|---|---|---|---|
| ip:port | 47[.]77[.]185[.]181:4321 | botnet_cc | 2026-03-19 | 100% |
| ip:port | 43[.]156[.]245[.]214:9999 | botnet_cc | 2026-03-19 | 100% |
```kql
// Hunt for network connections to known malicious IPs (firewall / proxy logs)
// Source: ThreatFox - AdaptixC2
let malicious_ips = dynamic(["47.77.185.181", "43.156.245.214"]);
CommonSecurityLog
| where DestinationIP in (malicious_ips) or SourceIP in (malicious_ips)
| project TimeGenerated, SourceIP, DestinationIP, DestinationPort, DeviceAction, Activity
| order by TimeGenerated desc
```

```kql
// Hunt in Defender for Endpoint network events
// Source: ThreatFox - AdaptixC2
let malicious_ips = dynamic(["47.77.185.181", "43.156.245.214"]);
DeviceNetworkEvents
| where RemoteIP in (malicious_ips)
| project Timestamp, DeviceName, RemoteIP, RemotePort, InitiatingProcessFileName, ActionType
| order by Timestamp desc
```
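The two queries above match on IP address alone, while the IOCs are ip:port pairs. The following added query (not part of the original hunt package) joins on both fields across the two tables and rolls results up per host, so a hit on an unrelated port of a shared address does not surface as a C2 match; it assumes the standard Sentinel column names for CommonSecurityLog and DeviceNetworkEvents.

```kql
// Added example: match the full ip:port pair from the IOC table, across both sources
let c2_endpoints = datatable(RemoteIP:string, RemotePort:int) [
    "47.77.185.181", 4321,
    "43.156.245.214", 9999
];
union isfuzzy=true
  (
    CommonSecurityLog
    | where isnotempty(DestinationIP)
    | project TimeGenerated,
              Host = Computer,
              RemoteIP = DestinationIP,
              RemotePort = toint(DestinationPort),
              Process = "",                       // not available in CEF logs
              Source = "CommonSecurityLog"
  ),
  (
    DeviceNetworkEvents
    | project TimeGenerated = Timestamp,
              Host = DeviceName,
              RemoteIP,
              RemotePort,
              Process = InitiatingProcessFileName,
              Source = "DeviceNetworkEvents"
  )
// inner join keeps only rows where both IP and port match an IOC
| join kind=inner c2_endpoints on RemoteIP, RemotePort
| summarize FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Connections = count(),
            Processes = make_set(Process)
          by Host, RemoteIP, RemotePort, Source
| order by LastSeen desc
```

Hosts with repeated connections and a non-browser initiating process in `Processes` are the ones to triage first; a single hit from a scanner or proxy health check usually explains itself from the `Source` column.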
| Sentinel Table | Notes |
|---|---|
| CommonSecurityLog | Ensure this data connector is enabled |
| DeviceNetworkEvents | Ensure this data connector is enabled |
- Scenario: Legitimate scheduled job using hunting package
  - Description: A system administrator schedules a daily job using the hunting package to analyze network traffic for security purposes.
  - Filter/Exclusion: `process.name != "hunting"`
- Scenario: Admin task using adaptix for log analysis
  - Description: A security analyst uses the adaptix tool to parse and analyze system logs for anomalies.
  - Filter/Exclusion: `process.name != "adaptix"`
- Scenario: PowerShell script using Get-Hunting cmdlet
  - Description: A script runs Get-Hunting to retrieve historical data for forensic analysis.
  - Filter/Exclusion: `process.name != "powershell.exe" OR process.name != "Get-Hunting"`
- Scenario: CI/CD pipeline using hunting for artifact scanning
  - Description: A DevOps pipeline uses the hunting tool to scan for malicious artifacts in build packages.
  - Filter/Exclusion: `process.name != "hunting" OR user.name != "ci-user"`
- Scenario: System update using adaptix for package management
  - Description: A system update process uses adaptix to manage and deploy software packages.
  - Filter/Exclusion: `process.name != "adaptix" OR event_id != "1000"`