xorhex logo


Focus on Threat Research through malware reverse engineering

Mlget - For all Your Malware Download Needs

Custom tool to download malware from a variety of sources. Can also upload to MWDB instances of your choosing; complete with comments and tags!


8-Minute Read


Mlget is a command line tool for facilitating the download of file hashes from multiple sources. Mlget supports the three common hash types: MD5, SHA1, and SHA256. Mlget also has the ability to upload to multiple MWDB instances.

RedDelta PlugX Undergoing Changes and Overlapping Again with Mustang Panda PlugX Infrastructure

New RedDelta PlugX variant undergoes revisions to slow down analysis. Extracted C2s link back to two known Mustang Panda command and control servers.


9-Minute Read

ImHex File Decryption

Mustang Panda (aka RedDelta, BRONZE PRESIDENT) is striving to make their PlugX variant more challenging to reverse statically. This RedDelta PlugX variant overlaps with instrastructure tied to Mustang Panda’s PlugX variant, something we’ve seen before. Mustang Panda is believed to be a Chinese nation-sponsored espionage group. Public reporting shows MustangPanda targeting non-government organizations (NGOs), including religious entities. They appear to focus locations in close…

Recent Posts



Hosting my custom tools, threat research, and general reverse engineering notes.