Other observed routines include things like the use of a number of TTPs typically affiliated with ransomware activity. For example, LockBit three.0 affiliates happen to be noticed working with AnyDesk and Splashtop remote administration and monitoring (RMM), Batch and PowerShell scripts, the execution of HTA files using the Home windows native util