Using Teleseer to find malware via malicious file transfers
Malware is often delivered to an end user's machine via a file transfer (FTP, HTTP, SMB, etc.).
Teleseer easily visualizes these events within the Timeline and Inspector panels.
For this example, we'll use a Trickbot collection from the Unit 42 article "Wireshark Tutorial: Examining Trickbot Infections".
- Load the collection file into Teleseer
- View the new Project
- Expand the Timeline > Events section
- Select the File Transfer Event
- Hover over the Selected Event within the Inspector panel
phn34ycjtghm.exe is a known Trickbot executable.
Hash lookups coming soon!