A new variant of PlugX RAT, named Hodur, is being used by Mustang Panda against East and Southeast Asian entities, with a few in Europe and Africa too. Its phishing lures include a regional aid map for a European country, updated COVID-19 travel restrictions, and the Regulations of the European Parliament and of the Council. The infection ends with the deployment of the Hodur backdoor on the targeted Windows systems.