Description
[RedEcho](https://attack.mitre.org/groups/G1042) is a People’s Republic of China (PRC)-linked threat actor associated with long-running intrusions against Indian critical infrastructure entities. [RedEcho](https://attack.mitre.org/groups/G1042) overlaps with various other PRC-linked threat groups, such as [APT41](https://attack.mitre.org/groups/G0096), and is linked to the use of [ShadowPad](https://attack.mitre.org/software/S0596) malware through shared infrastructure.(Citation: RecordedFuture RedEcho 2021)(Citation: RecordedFuture RedEcho 2022)
Techniques Used (TTPs)
- T1568 — Dynamic Resolution (command-and-control)
- T1071.001 — Web Protocols (command-and-control)
- T1571 — Non-Standard Port (command-and-control)
- T1573.002 — Asymmetric Cryptography (command-and-control)
- T1583.001 — Domains (resource-development)
Total TTPs: 5
Malware & Tools
Malware: ShadowPad