In Februrary, Record Futur publishes an article about a campaign against the Indian Power Sector Amid Heightened Border Tensions by RedEcho
After my investigation with the RiskIQ passive DNS, I found many IOCs interesting.
The domain ntpc-co.com is the most interesting. This domains has been resolved on two IPs : 18.104.22.168 and 22.214.171.124.
And this IPs have two certificates SSL linked 2d2d79c478e92a7de25e661ff1a68de0833b9d9b and 0a71519f5549b21510410cdf4a85701489676ddb.
With theses certificates, we can found many IPs published in the article of Record Future.
And a new IP published yesterday: 126.96.36.199
So these two certificates are more important to have a good view of the Infrastruscture of RedEcho. But, these certificates are linked to ShadowPad Infrastructure which used by others APT chineses groups.