Ransomware-as-a-Service (RaaS)
Double Extortion (Exfiltration/Encryption/Extortion)
Custom C++ Malware Development
Credential Harvesting (via TeamPCP partnership)
Supply Chain Attacks
Disabling Windows Defender (Set-MpPreference)
Volume Shadow Copy Deletion
Event Log Clearing
Lateral Movement via PowerShell and CIM sessions
Safe Mode Execution
Monero-only Payments
Tor-based Data Leak Sites
qTox-based communication