Threat Actors Leveraging Open-Source AdaptixC2 in Real-world Attacks
gbhackers
In early May 2025, Unit 42 researchers observed multiple instances of AdaptixC2 being deployed to infect enterprise systems.
Unlike many high-profile command-and-control (C2) platforms, AdaptixC2 has flown under the radar, with scant public documentation demonstrating its use in live adversary operations.
Our research dissects AdaptixC2’s capabilities, deployment techniques, and evasion mechanisms to equip security teams with the knowledge needed to defend against this evolving threat.
AdaptixC2 is a newly identified, open-source post-exploitation and adversarial emulation framework originally created for penetration testers.
Palo Alto Networks customers benefit from protection via Advanced DNS Security, Advanced Threat Prevention, Advanced URL Filtering, Advanced WildFire, Cortex XDR, and XSIAM. For incident response assistance, contact the Unit 42 Incident Response team.
AdaptixC2 Overview and Capabilities
AdaptixC2 is a modular, open-source adversarial framework designed for red team operations.
The AdaptixC2 interface shows linked agents and sessions in a graphical view.

Copyright of this story solely belongs to gbhackers.