Suspicious Non-Browser Network Communication With Telegram API (c3dbbc9f-ef1d-470a-a90a-d343448d5875)

Detects an a non-browser process interacting with the Telegram API which could indicate use of a covert C2

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Suspicious Non-Browser Network Communication With Telegram API (c3dbbc9f-ef1d-470a-a90a-d343448d5875)	Sigma-Rules	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Suspicious Non-Browser Network Communication With Telegram API (c3dbbc9f-ef1d-470a-a90a-d343448d5875)	Sigma-Rules	1
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Suspicious Non-Browser Network Communication With Telegram API (c3dbbc9f-ef1d-470a-a90a-d343448d5875)	Sigma-Rules	1