From a62e3ba530ba5ae47f008cb98645694ee7f32edf Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Tue, 30 Mar 2021 12:10:50 +0200
Subject: [PATCH 1/3] Update threat-actor.json add redecho threat actor
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d3bb454..edc3839 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8501,6 +8501,17 @@
 },
 "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",
 "value": "HAFNIUM"
+ },
+ {
+ "description": "RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several Chinese threat activity groups",
+ "meta": {
+ "refs": [
+ "https://www.recordedfuture.com/redecho-targeting-indian-power-sector/",
+ "https://therecord.media/redecho-group-parks-domains-after-public-exposure/"
+ ]
+ },
+ "uuid": "986fcc3f-5f36-4975-bf5f-c42524466bbd",
+ "value": "RedEcho"
 }
 ],
 "version": 199
From 4ed4cebcee9e4b5adf0334c46f1e663eba792feb Mon Sep 17 00:00:00 2001
From: Sebdraven
Date: Tue, 30 Mar 2021 12:16:22 +0200
Subject: [PATCH 2/3] Update threat-actor.json format json
---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index edc3839..a587e46 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8515,4 +8515,4 @@
 }
 ],
 "version": 199
-}
+}
\ No newline at end of file
From b082977b9fa3dc051a1df147afacb34a9d724b7c Mon Sep 17 00:00:00 2001
From: sebdraven
Date: Tue, 30 Mar 2021 10:22:35 +0000
Subject: [PATCH 3/3] validation ok
---
 clusters/threat-actor.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a587e46..acf1649 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json 
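Review bot: The new `RedEcho` entry's `description` is lifted from the first reference in the vendor's own voice (`a term we use to track infrastructure`), so inside this cluster file the "we" reads as the file's maintainers rather than Recorded Future, and the `"version": 199` context line right below the added entry is left untouched even though a cluster was added. If this is a MISP galaxy cluster file, as the `clusters/threat-actor.json` path suggests, the top-level version is conventionally bumped whenever the cluster list changes so downstream consumers can detect the update; neither of the two follow-up patches touches it either. I would attribute the claim and bump the counter in the same patch: `"description": "RedEcho: a threat activity group reported by Recorded Future as targeting the Indian power sector; per that report the group made heavy use of AXIOMATICASYMPTOTE, Recorded Future's term for ShadowPad C2 infrastructure shared between several Chinese threat activity groups"` and `"version": 200`. The Indian power sector targeting is inferred here only from the reference URL's slug, so confirm it against the report text before stating it.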
@@ -8506,8 +8506,8 @@
 "description": "RedEcho: The group made heavy use of AXIOMATICASYMPTOTE — a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several Chinese threat activity groups",
 "meta": {
 "refs": [
- "https://www.recordedfuture.com/redecho-targeting-indian-power-sector/",
- "https://therecord.media/redecho-group-parks-domains-after-public-exposure/"
+ "https://www.recordedfuture.com/redecho-targeting-indian-power-sector/",
+ "https://therecord.media/redecho-group-parks-domains-after-public-exposure/"
 ]
 },
 "uuid": "986fcc3f-5f36-4975-bf5f-c42524466bbd",
@@ -8515,4 +8515,4 @@
 }
 ],
 "version": 199
-}
\ No newline at end of file
+}