Hunting Pandas
ID: efac2ff3-3fcc-52a3-8ac5-39a9828adbc5
STIX ID: report--efac2ff3-3fcc-52a3-8ac5-39a9828adbc5
Feed Name: IntelInsights (Substack)
This report investigates infrastructure associated with Mustang Panda/Red Delta, pivoting from an external malware analysis to identify related domains, IPs, header/banner hashes, and JARM fingerprints, with patterns across specific ASNs. The analysis surfaces additional infrastructure, connects findings to PlugX activity, and notes potential operational overlap with APT41, culminating in a consolidated IoC set with confidence levels for hunting and detection.
