Conti Ransomware is the successor of the notorious Ryuk Ransomware. It contains unique features that set it apart in terms of performance and its focus on network-based targets.
SystemBC is malware sold in underground marketplaces. SystemBC has evolved into a Tor proxy and remote control tool favored by the actors behind the latest high-profile ransomware campaigns.
FireEye and other users of the SolarWinds Orion IT monitoring and management software were compromised through the SolarWinds supply chain attack. The threat actor behind this attack is identified as UNC2452 or Dark Halo.
The Windows Trace command and Pktmon produce their output in Event Trace Log (ETL) format. ETL is a Microsoft proprietary format and is largely incompatible with other popular, widely accepted and standardized packet capture formats such as PCAP and PCAPNG.
The first tools that come to mind for packet capturing are Wireshark or tcpdump. In this tutorial we will capture packets on a Windows 10 machine without installing any external tool.