Evasive Panda APT poisons DNS requests to deliver MgBot

ID: 623a4a70-4b05-5193-becb-ef381f84bc1b

STIX ID: report--623a4a70-4b05-5193-becb-ef381f84bc1b

Feed Name: Securelist by Kaspersky

Threat Score
88/100

Date Published: 2025-12-24

Date Updated: 2026-04-29

Author: Fatih Şensoy

...
...

**Evasive Panda (aka Bronze Highland/Daggerfly/StormBamboo) ran a highly targeted, multi-stage AitM campaign from Nov 2022–Nov 2024 that leveraged fake updaters, DNS poisoning, custom loaders and in-memory injection to deploy the MgBot implant; the report details infection vectors, loader and shellcode behavior, hybrid DPAPI/RC5 payload storage, persistence mechanisms, victims in Türkiye/China/India, and numerous IoCs including file hashes, file paths and C2 IPs.**