ZoqueLabs

ZoqueLabs ZoqueLabs.xyz feed https://zoquelabs.xyz/ Fri, 06 Mar 2026 22:19:29 +0000 Fri, 06 Mar 2026 22:19:29 +0000 Jekyll v3.10.0 Anomaly #3 ZoqueLabs Anomaly #3 - March 6, 2026 - Zoquelabs Threat Intelligence Bulletin 🦅 Fri, 06 Mar 2026 15:00:45 +0000 https://zoquelabs.xyz/anomaly/2026/03/06/Anomaly-3.html https://zoquelabs.xyz/anomaly/2026/03/06/Anomaly-3.html threat intelligence, spyware, platforms, security, surveillance, leaks Anomaly Anomalía #3 ZoqueLabs Anomalía #3 - 6 de Marzo 2026 - Boletín de inteligencia de amenazas de Zoquelabs 🦅 Fri, 06 Mar 2026 15:00:45 +0000 https://zoquelabs.xyz/anomalia/2026/03/06/Anomalia-3.html https://zoquelabs.xyz/anomalia/2026/03/06/Anomalia-3.html inteligencia de amenazas, spyware, plataformas, seguridad, vigilancia, filtraciones Anomalia Experimento 0x03: Los Diarios de Blind Eagle (parte 1): Analizando SVGs Maliciosos ZoqueLabs Primera entrega de un serie de articulos sobre Blind Eagle, un APT colombiano conocido por aprovechar infraestructura debil de entidades gubernamentales para engañar personas y hacerlas instalar malware. En esta ocación analizamos un nuevo vector de ataque de este grupo usando imagenes .SVG. Sat, 28 Feb 2026 05:00:45 +0000 https://zoquelabs.xyz/experimento/2026/02/28/diarios-de-blind-eagle-1.html https://zoquelabs.xyz/experimento/2026/02/28/diarios-de-blind-eagle-1.html inteligencia de amenazas, blind eagle, svg, forence, apt experimento Experiment 0x03: The Blind Eagle Diaries (part 1): Analyzing Malicious SVGs ZoqueLabs First installment in a series of articles about Blind Eagle, a Colombian APT known for taking advantage of weak infrastructure of government entities to trick people into installing malware. This time we analyze a new attack vector of this group using images -.SVG. Sat, 28 Feb 2026 05:00:45 +0000 https://zoquelabs.xyz/experiment/2026/02/28/blind-eagle-diaries-1.html https://zoquelabs.xyz/experiment/2026/02/28/blind-eagle-diaries-1.html threat intelligence, blind eagle, svg, forensics, apt experiment Anomalía #2 ZoqueLabs Anomalía #2 February 2026 - Zoquelabs Threat Intelligence Bulletin 🦅 Fri, 20 Feb 2026 19:00:45 +0000 https://zoquelabs.xyz/anomaly/2026/02/20/Anomaly-2.html https://zoquelabs.xyz/anomaly/2026/02/20/Anomaly-2.html threat intelligence, spyware, crashes, crashes, platforms, security, surveillance, leaks Anomaly Anomalía #2 ZoqueLabs Anomalía #2 Febrero 2026 - Boletín de inteligencia de amenazas de Zoquelabs 🦅 Fri, 20 Feb 2026 19:00:45 +0000 https://zoquelabs.xyz/anomalia/2026/02/20/Anomalia-2.html https://zoquelabs.xyz/anomalia/2026/02/20/Anomalia-2.html inteligencia de amenazas, spyware, caídas, bloqueos, plataformas, seguridad, vigilancia, filtraciones Anomalia Anomalía #1 ZoqueLabs Anomalía #1 February 2026 - Zoquelabs Threat Intelligence Bulletin 🦅 Fri, 06 Feb 2026 05:00:45 +0000 https://zoquelabs.xyz/anomaly/2026/02/06/Anomaly-1.html https://zoquelabs.xyz/anomaly/2026/02/06/Anomaly-1.html threat intelligence, spyware, crashes, platforms, security, surveillance, leaks Anomaly Anomalía #1 ZoqueLabs Anomalía #1 Febrero 2026 - Boletín de inteligencia de amenazas de Zoquelabs 🦅 Fri, 06 Feb 2026 05:00:45 +0000 https://zoquelabs.xyz/anomalia/2026/02/06/Anomalia-1.html https://zoquelabs.xyz/anomalia/2026/02/06/Anomalia-1.html inteligencia de amenazas, spyware, caídas, bloqueos, plataformas, seguridad, vigilancia, filtraciones Anomalia About ZOLIM ZoqueLabs ¿Què es ZOLIM? (Zoque-Observatorio Latinoamericano de Infraestructura Maliciosa) Thu, 05 Feb 2026 05:00:45 +0000 https://zoquelabs.xyz/zolim/2026/02/05/acerca-de-zolim.html https://zoquelabs.xyz/zolim/2026/02/05/acerca-de-zolim.html inteligencia de amenazas, spyware, c2 zolim About ZOLIM ZoqueLabs ¿Què es ZOLIM? (Zoque-Observatorio Latinoamericano de Infraestructura Maliciosa) Thu, 05 Feb 2026 05:00:45 +0000 https://zoquelabs.xyz/zolim/2026/02/05/about-zolim.html https://zoquelabs.xyz/zolim/2026/02/05/about-zolim.html inteligencia de amenazas, spyware, c2 zolim Anomalía #0 ZoqueLabs Anomalía #0 January 2026 - Zoquelabs Threat Intelligence Bulletin 🦅 Tue, 20 Jan 2026 05:00:45 +0000 https://zoquelabs.xyz/anomaly/2026/01/20/Anomaly-0.html https://zoquelabs.xyz/anomaly/2026/01/20/Anomaly-0.html threat intelligence, spyware, outages, blocks, platforms, security, surveillance, leaks Anomaly Anomalía #0 ZoqueLabs Anomalía #0 Enero 2026 - Boletín de inteligencia de amenazas de Zoquelabs 🦅 Tue, 20 Jan 2026 05:00:45 +0000 https://zoquelabs.xyz/anomalia/2026/01/20/Anomalia-0.html https://zoquelabs.xyz/anomalia/2026/01/20/Anomalia-0.html inteligencia de amenazas, spyware, caídas, bloqueos, plataformas, seguridad, vigilancia, filtraciones Anomalia Experimento 0x02: Inteligencia de amenazas: Buscando Seeker ZoqueLabs En este write-up exploramos el uso de Censys y Shodan para encontrar infraestructura maliciosa. Nos concentramos en un programa llamado Seeker que usa phishing para capturar la localización de dispositivos (y de las personas que los poseen). Luego organizamos todo en colander y exportamos reglas STIX2 con los IOCs recolectados y los usamos en MVT. Fri, 26 Sep 2025 15:40:45 +0000 https://zoquelabs.xyz/threat_intel/2025/09/26/Experimento-0x02-Buscando-Seeker.html https://zoquelabs.xyz/threat_intel/2025/09/26/Experimento-0x02-Buscando-Seeker.html seeker censys shodan segfault opsec hacking colander mvt stix2 threat_intel Experiment 0x02: Threat Intelligence: Seeking Seeker ZoqueLabs In this write-up we explore the use of Censys and Shodan to find malicious infrastructure. We focus on a program called Seeker that uses phishing to capture the location of devices (and the people who own them). Then we organize everything in colander and export STIX2 rules with the collected IOCs and use them in MVT. Fri, 26 Sep 2025 15:38:45 +0000 https://zoquelabs.xyz/threat_intel/2025/09/26/Experiment-0x02-Seeking-Seeker.html https://zoquelabs.xyz/threat_intel/2025/09/26/Experiment-0x02-Seeking-Seeker.html seeker censys shodan segfault opsec hacking colander mvt stix2 threat_intel Verifying Android apps in VirusTotal with their hashes ZoqueLabs Mini-tutorial to investigate lists of app hashes in Virus Total Tue, 10 Jun 2025 00:00:00 +0000 https://zoquelabs.xyz/android/forensics/2025/06/10/Verifying-lists-of-hash-apps.html https://zoquelabs.xyz/android/forensics/2025/06/10/Verifying-lists-of-hash-apps.html android forensics virustotal vt hash collections collections malware android forensics Verificando apps de Android en VirusTotal con sus hashes ZoqueLabs Mini-tutorial para investigar listas de hashes de apps en Virus Total Tue, 10 Jun 2025 00:00:00 +0000 https://zoquelabs.xyz/android/forense/2025/06/10/Verificando-listas-hash-apps.html https://zoquelabs.xyz/android/forense/2025/06/10/Verificando-listas-hash-apps.html android forense virustotal vt hash colecciones collections malware android forense Experiment 0x01: Write an exploit for Android (CVE-2024-31317) and try to detect it ZoqueLabs In this write-up we write an exploit for Android 11, 12, 13 and 14 that exploits a _command injection_ in Zygote. Then, we try to find indicators that give away the exploit and we will do an MVT module test. Fri, 06 Jun 2025 00:00:00 +0000 https://zoquelabs.xyz/android/forense/exploit/2025/06/06/Write-an-exploit-Android-MVT.html https://zoquelabs.xyz/android/forense/exploit/2025/06/06/Write-an-exploit-Android-MVT.html cve-2024-31317 android adb mvt zygote android forense exploit Experimento 0x01: Escribir un exploit para Android (CVE-2024-31317) e intentar detectarlo ZoqueLabs En este write-up escribimos un exploit para Android 11, 12, 13 y 14 que explota un _command injection_ en Zygote. Luego, intentamos encontrar indicadores que delaten la explotación y haremos una ptueba de módulo de MVT. Thu, 05 Jun 2025 00:00:00 +0000 https://zoquelabs.xyz/android/forense/exploit/2025/06/05/Escribiendo-exploit-Android-MVT.html https://zoquelabs.xyz/android/forense/exploit/2025/06/05/Escribiendo-exploit-Android-MVT.html cve-2024-0044 run-as adb mvt zygote android forense exploit Experiment 0x00 - Exploring CVE-2024-0044 Traces ZoqueLabs In this write-up we do our first exploration into Android exploitation using the CVE-2024-0044 vulnerability (a rare bypass of a command called run-as) and how to detect such exploitation. Sat, 31 May 2025 18:12:45 +0000 https://zoquelabs.xyz/android/forensics/exploit/2025/05/31/Exploiting_CVE-2024-0044.html https://zoquelabs.xyz/android/forensics/exploit/2025/05/31/Exploiting_CVE-2024-0044.html android forensics exploit cve-2024-0044 run-as adb android forensics exploit Experimento 0x00 - Explorando los rastros CVE-2024-0044 ZoqueLabs En este write-up hacemos nuestra primera exploración sobre explotación de Android usando la vulnerabilidad CVE-2024-0044 (un raro bypass de un comando llamado run-as) y sobre como detectar dicha explotación. Sat, 31 May 2025 18:12:45 +0000 https://zoquelabs.xyz/android/forense/exploit/2025/05/31/Explotando-CVE-2024-0044.html https://zoquelabs.xyz/android/forense/exploit/2025/05/31/Explotando-CVE-2024-0044.html android exploit forense cve-2024-0044 run-as adb android forense exploit