RaaS appears to have filled GandCrab’s shoes, promoted by respected veterans on underground forums, such as Lalartu. ‘Truniger’ is currently a team of more than 10 individuals, the actor started in the summer of 2018 as a one-man show. They use RDP brute forcing to get into networks and rely on a custom tool for the job, called RDP Brute. The loader mentioned in the conversation is Amadey, quite popular in some underground forums for the low detection rate.
Source: https://www.bleepingcomputer.com/news/security/gandcrab-raas-was-a-training-ground-for-malware-distributors/