RedEcho

· ATT&CK GroupG1042

Techniques

Software

Tactics

Aliases

Description

RedEcho is a People’s Republic of China-related threat actor associated with long-running intrusions in Indian critical infrastructure entities. RedEcho overlaps with various other PRC-linked threat groups, such as APT41, and is linked to ShadowPad malware use through shared infrastructure.(Citation: RecordedFuture RedEcho 2021)(Citation: RecordedFuture RedEcho 2022)

Tactic Coverage

command and control (4)resource development (1)

Techniques Used (5)

T1071.001Web Protocols

command and control

T1568Dynamic Resolution

command and control

T1571Non-Standard Port

command and control

T1573.002Asymmetric Cryptography

command and control

T1583.001Domains

resource development

Software Used (1)

S0596ShadowPadmalware

References (3)

https://attack.mitre.org/groups/G1042 https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf https://go.recordedfuture.com/hubfs/reports/ta-2022-0406.pdf