{
  "website": "api.telegram.org",
  "tags": [
    "C&C",
    "Exfiltration"
  ],
  "service_provider": "Telegram",
  "phishing": "None",
  "command_and_control": "Telegram is being increasingly used as a C&C server by attackers. CheckPoint reported that a Remote Access Trojan, ToxicEye, used Telegram for C&C. One additional benefit of using Telegram as a C&C server is it allows attackers to use their mobile device to access infected machines.",
  "exfiltration": "Data can be exfiltrated onto Telegram by using a bot controlled by the attacker and sending it the data as a private message. This was demonstrated by SecurityBoulevard.",
  "download": "None",
  "sample_url": "",
  "created": "2021-11-12",
  "last_update": "2021-11-12",
  "credits": "@abosalahps, @_FirehaK",
  "detail_path": "/site/6170692e74656c656772616d2e6f7267",
  "detail_slug": "6170692e74656c656772616d2e6f7267",
  "detail_url": "https://lots-project.com/site/6170692e74656c656772616d2e6f7267",
  "scraped_at": "2026-06-16T11:57:59Z"
}