DLL Side-loading (e.g., wsprint.exe loading BugSplatRc64.dll)
BitTorrent-based C2 communication (via PeerTime)
Deployment of Operational Relay Boxes (ORBs) for brute-forcing
ProxyNotShell exploitation for initial access
Kernel-level driver deployment to disable security processes
Cross-platform persistence (Windows, Linux, ARM, MIPS, PowerPC, AArch64)
Web shell deployment on outdated Microsoft Exchange servers
Credential brute-forcing (SSH, Postgres, Tomcat)