https://tavares.re/posts/ Recent content in Posts on tavares.re https://tavares.re/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E https://tavares.re/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo -- gohugo.io en Fri, 14 Nov 2025 00:00:00 +0000 https://tavares.re/into-the-vo1d-hunting-a-botnet-hidden-in-tv-boxes/ Fri, 14 Nov 2025 00:00:00 +0000 https://tavares.re/into-the-vo1d-hunting-a-botnet-hidden-in-tv-boxes/ 'Into the Vo1d' is both a deep dive into a resilient IoT botnet and a broader lesson in threat hunting. https://tavares.re/exfiltration-over-telegram-bots-skidding-infostealer-logs/ Wed, 16 Oct 2024 00:00:00 +0000 https://tavares.re/exfiltration-over-telegram-bots-skidding-infostealer-logs/ This blog post focuses on analyzing logs exfiltrated by infostealers, specifically to Telegram, through their Bot API. https://tavares.re/hunting-privateloader-malware-behind-installskey-ppi-service/ Tue, 27 Feb 2024 00:00:00 +0000 https://tavares.re/hunting-privateloader-malware-behind-installskey-ppi-service/ This widespread malware had some important updates recently and has been infecting 5000 systems daily. https://tavares.re/data-insights-agenttesla-and-originlogger-victims/ Tue, 09 Jan 2024 00:00:00 +0000 https://tavares.re/data-insights-agenttesla-and-originlogger-victims/ AgentTesla remains a prevalent commodity stealer, mainly distributed via email attachments. https://tavares.re/tofsee-botnet-proxying-and-mining/ Tue, 28 Mar 2023 00:00:00 +0000 https://tavares.re/tofsee-botnet-proxying-and-mining/ An overview of current activities of the Tofsee botnet. https://tavares.re/unpacking-colibri-loader-russian-apt-linked-campaign/ Wed, 30 Nov 2022 00:00:00 +0000 https://tavares.re/unpacking-colibri-loader-russian-apt-linked-campaign/ Unpacking of a recent ColibriLoader campaign along with some YARA rules to detect it. https://tavares.re/tracking-privateloader-malware-distribution-service/ Wed, 31 Aug 2022 00:00:00 +0000 https://tavares.re/tracking-privateloader-malware-distribution-service/ We identified 30 malware families distributed by PrivateLoader. https://tavares.re/hunting-privateloader-pay-per-install-service/ Mon, 06 Jun 2022 00:00:00 +0000 https://tavares.re/hunting-privateloader-pay-per-install-service/ The malware's uncommon string decryption technique enable us to write a Yara rule for detection and hunting purposes. https://tavares.re/flubot-persists-infecting-europe-and-australia/ Fri, 04 Feb 2022 00:00:00 +0000 https://tavares.re/flubot-persists-infecting-europe-and-australia/ This Android banker commonly spreads via SMS messages to the contacts on an infected device. https://tavares.re/suspicious-apps-pre-installed-on-cheap-android-devices/ Tue, 28 Apr 2020 00:00:00 +0000 https://tavares.re/suspicious-apps-pre-installed-on-cheap-android-devices/ BitSight’s sinkhole data shows that Brazil is the most affected country, followed by Russia and India. https://tavares.re/fraudulent-ads-sdk-installed-on-15-million-android-devices/ Fri, 08 Mar 2019 00:00:00 +0000 https://tavares.re/fraudulent-ads-sdk-installed-on-15-million-android-devices/ By using these SDKs, app developers are often unknowingly placing their users at risk and facilitating advertising fraud.