From a62e3ba530ba5ae47f008cb98645694ee7f32edf Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Tue, 30 Mar 2021 12:10:50 +0200
Subject: [PATCH] Update threat-actor.json add redecho threat actor
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d3bb454..edc3839 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8501,6 +8501,17 @@
 },
 "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
 "value": "HAFNIUM"
+ },
+ {
+ "description": "RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several Chinese threat activity groups",
+ "meta": {
+ "refs": [
+ "https://www.recordedfuture.com/redecho-targeting-indian-power-sector/",
+ "https://therecord.media/redecho-group-parks-domains-after-public-exposure/"
+ ]
+ },
+ "uuid": "986fcc3f-5f36-4975-bf5f-c42524466bbd",
+ "value": "RedEcho"
 }
 ],
 "version": 199
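Review bot: The trailing context line `"version": 199` is left unchanged although the hunk adds a new cluster entry; if consumers use this number to detect updated content, which its presence suggests, the RedEcho entry may not be picked up, so it should become `"version": 200`. The added `description` is copied in the first person ("a term we use") and describes shared ShadowPad C2 infrastructure rather than the group itself, so an analyst could read an AXIOMATICASYMPTOTE match as attribution to RedEcho even though the text says the infrastructure is shared between several groups. Consider naming the source and the targeting covered by the first reference, e.g. `"description": "RedEcho is an activity group reported by Recorded Future as targeting the Indian power sector. It makes heavy use of AXIOMATICASYMPTOTE, Recorded Future's tracking name for ShadowPad C2 infrastructure that is shared between several Chinese threat activity groups, so an infrastructure overlap alone does not identify RedEcho."`. The enclosing array and the file's top-level object start outside the hunk, so whether sibling entries carry further `meta` fields that this entry should match cannot be checked from here.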