https://www.bleepingcomputer.com/news/security/tools-and-tactics-of-the-sodinokibi-ransomware-distributors/

Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network.

As part of the Sodinokibi ransomware-as-a-service, ransomware executables are tagged with an affiliate's IDs and sub IDs in order to track who infected the victim and which affiliate should earn a commission for a payment.