Spectra Analyze in Action: Retrohunting Bots

This report explains how threat actors use Telegram bots as a lightweight C2 for credential-harvesting and infostealer campaigns, and demonstrates a retrohunting workflow (regex/YARA) plus static and dynamic analysis steps to locate Telegram bot tokens, phishing pages, and related IOCs for detection and threat hunting.