The group’s access to exploits for vulnerabilities, such as CVE-2023-36802 and CVE-2023-29360, suggests ties to sophisticated developers and the purchase of external 64-bit executables rather than in-house development.