: A legitimate, digitally signed executable used for "DLL side-loading." By using a trusted binary, the attacker lowers the suspicion level of the initial process start.
: Unusual POST requests to /api/v2/update on non-standard domains. SnoozeGnat.7z
SnoozeGnat is a classic example of "Living off the Land" (LotL) tactics combined with timing-based evasion. To protect your environment: : A legitimate, digitally signed executable used for
The SnoozeGnat.7z file is a compressed archive (7-Zip format) typically used to bypass basic email filters that struggle with nested or password-protected compression. SnoozeGnat.7z Compression Type: LZMA2 Initial Discovery: April 2026 To protect your environment: The SnoozeGnat
Information theft and persistent backdoor access. What’s Inside?
: The legitimate launcher looks for its required library. Because gnat_api.dll is in the same folder, it loads the malicious version instead of the system version.
Monitor for long-duration "sleep" processes that suddenly initiate external network connections.