Researchers from McAfee examined the tools and tactics that Sodinokibi (REvil) ransomware affiliates use to infect their victims with ransomware and compromise other machines on the network. A global network of Remote Desktop Protocol (RDP) honeypots was used to track the activities of three affiliates. The affiliates, known as Group 1, affiliate #34, and affiliate #19, showed more skillful tactics, such as using custom Mimikatz batch files to harvest network credentials.
Source: https://www.bleepingcomputer.com/news/security/tools-and-tactics-of-the-sodinokibi-ransomware-distributors/

