RedEcho
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1583.001 | Acquire Infrastructure: Domains | RedEcho has registered domains spoofing Indian critical infrastructure entities.(Citation: RecordedFuture RedEcho 2021) |
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | RedEcho network activity is associated with SSL traffic via TCP 443 and proxied HTTP traffic over non-standard ports.(Citation: RecordedFuture RedEcho 2021) |
Enterprise | T1573.002 | Encrypted Channel: Asymmetric Cryptography | RedEcho uses SSL for network communication.(Citation: RecordedFuture RedEcho 2021) |

Software

ID | Name | References | Techniques |
---|---|---|---|
S0596 | ShadowPad | (Citation: FireEye APT41 Aug 2019) (Citation: Kaspersky ShadowPad Aug 2017) (Citation: POISONPLUG.SHADOW) (Citation: Recorded Future RedEcho Feb 2021) (Citation: RecordedFuture RedEcho 2021) (Citation: RecordedFuture RedEcho 2022) (Citation: Securelist ShadowPad Aug 2017) | System Owner/User Discovery, Modify Registry, System Time Discovery, Indicator Removal, Deobfuscate/Decode Files or Information, Fileless Storage, Indicator Removal, System Network Configuration Discovery, Scheduled Transfer, Process Discovery, DNS, Non-Standard Encoding, File Transfer Protocols, Non-Application Layer Protocol, Obfuscated Files or Information, Web Protocols, Process Injection, System Information Discovery, Domain Generation Algorithms, Ingress Tool Transfer, Dynamic-link Library Injection |
References
- Recorded Future Insikt Group. (2021, February). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved November 21, 2024.
- Recorded Future Insikt Group. (2022, April 6). Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group. Retrieved November 21, 2024.