RedEcho Infrastructure

In Februrary, Record Futur publishes an article about a campaign against the Indian Power Sector Amid Heightened Border Tensions by RedEcho

After my investigation with the RiskIQ passive DNS, I found many IOCs interesting.

The domain is the most interesting. This domains has been resolved on two IPs : and

And this IPs have two certificates SSL linked 2d2d79c478e92a7de25e661ff1a68de0833b9d9b and 0a71519f5549b21510410cdf4a85701489676ddb.

With theses certificates, we can found many IPs published in the article of Record Future.

And a new IP published yesterday:

RedEcho group parks domains after public exposure | The Record by Recorded Future

So these two certificates are more important to have a good view of the Infrastruscture of RedEcho. But, these certificates are linked to ShadowPad Infrastructure which used by others APT chineses groups.

Overview of the infrastructure

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store