Finding Malware

Using Teleseer to find malware via malicious file transfers


Malware is often delivered to an end user's machine via a file transfer (FTP, HTTP, SMB, etc.).

Teleseer easily visualizes these events within the Timeline and Inspector panels.


For this example, we'll use a Trickbot collection from the Unit 42 article "Wireshark Tutorial: Examining Trickbot Infections".

  1. Load the collection file into Teleseer
  2. View the new Project
Trickbot Project

  3. Expand the Timeline > Events section
File Transfer Events

  4. Select the File Transfer Event
  5. Hover over the Selected Event within the Inspector panel
File Transfer hover


Trickbot executable

phn34ycjtghm.exe is a known Trickbot executable.

Hash lookups coming soon!
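
The same check done by hand on one reassembled HTTP file transfer, as an added example that is not Teleseer code or output: it confirms from the header bytes that the payload is a Windows executable and computes the SHA-256 you would submit to a hash lookup. The function names and the sample response (headers and body) are constructed for illustration and are not taken from the Unit 42 capture.

```python
import hashlib
import struct

# Content types a server would normally declare for a Windows executable.
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/vnd.microsoft.portable-executable"}

def is_pe(body: bytes) -> bool:
    """True if body has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)  # offset of the PE header
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage_http_transfer(uri: str, response: bytes) -> dict:
    """Summarise one reassembled HTTP response: name, declared type, real type, hash."""
    head, sep, body = response.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator; stream is incomplete")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    pe = is_pe(body)
    return {
        "filename": uri.rsplit("/", 1)[-1],
        "declared_type": declared,
        "is_pe": pe,
        # An executable served under a non-executable type deserves a closer look.
        "type_mismatch": pe and declared not in EXEC_TYPES,
        "sha256": hashlib.sha256(body).hexdigest(),
        # A short body means the capture missed packets; the hash will not match.
        "truncated": len(body) < int(headers.get("content-length", len(body))),
    }

def _fake_pe() -> bytes:
    """Constructed 128-byte stand-in for a PE file (headers only, not malware)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + bytes(60)

# Constructed sample response; only the filename comes from the page.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
          b"Content-Length: 128\r\n\r\n" + _fake_pe())

if __name__ == "__main__":
    print(triage_http_transfer("/phn34ycjtghm.exe", SAMPLE))
```

A `truncated` result of `True` means the hash was computed over a partial file and should not be used for a lookup.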