Exploitation of public-facing applications (e.g., Microsoft Exchange)
Spear-phishing using malicious LNK files and MFA-intercepting React kits
Lateral movement via PsExec, WMIC, and PowerShell
Deployment of custom cryptographic wipers (PyDCrypt, DCSrv)
Telegram-based Command and Control (C2)
Disabling Windows Host Firewall via batch scripts
Use of obfuscated web shells for persistence