SnoozeGnat.7z

In the world of threat hunting, the most unassuming file names often hide the most sophisticated payloads. Today, we're cracking open SnoozeGnat.7z, an archive that has recently surfaced in several sandbox environments. This post explores the contents, execution flow, and potential indicators of compromise (IoCs) associated with this package.

Overview of the Archive

Behavioral Indicators (IoCs)

Once awake, it communicates with a hardcoded IP via HTTPS, disguised as standard telemetry traffic.

Monitor for long-duration "sleep" processes that suddenly initiate external network connections.
