Product
This brief details the detection of suspicious DNS queries from non-Telegram processes to api.telegram.org on Windows systems, a strong indicator of malware utilizing the Telegram Bot API for command and control (C2) communications to receive commands or exfiltrate data.