First observed in 2020 and advertised on various cybercriminal forums as a 'Malware-as-a-Service' (MaaS) threat, Redline is an information stealer mainly targeting Windows' victim credentials and cryptocurrency wallets, as well as Browser information, FTP connections, game chat launchers, and OS information such as system hardware, processes names, time zone, IP, geolocation information, OS version, and default language.

Launched in September 2019 and formerly known as 'ABCD', LockBit is a ransomware-as-a-service (RaaS) threat that was updated in June 2021 and improved on the group’s earlier claims of having the fastest encryption process on the ransomware scene (Figure 1). Much like other RaaS offerings, LockBit operates an affiliate profit sharing program in which up-to eighty percent of a ransom payment can be earned whilst the operators claim the remainder.

Believed active since mid-2020, Conti is a big game hunter ransomware threat operated by a threat group identified as Wizard Spider and offer to affiliates as a ransomware-as-a-service (RaaS) offering. Following the lead of other big game hunter ransomware groups, Conti adopted the double extortion tactic, also known as 'steal, encrypt and leak', in order to apply additional pressure on victims to pay their ransom demands and avoid sensitive or confidential data being exposed.

Recently published by Lionel Gilles, an offensive security researcher based in France, 'PetitPotam' is a proof-of-concept (PoC) tool used for NT LAN Manager (NTLM) relay attacks that, when executed properly, grants threat actors the ability to take over a Windows Active Directory (AD) domain, including domain controllers (DC), where Active Directory Certificate Services (ADCS) are used. Similar to classic in-the-middle (ITM) or replay attacks, PetitPotam applies similar concepts to its relay attack.