Website
*.instagram.com
Tags
Phishing C&C
Phishing
Attackers can use the l.instagram.com subdomain to redirect users to an external URL. Although Instagram scans the URL (which can be bypassed by using a URL shortening service) and includes a time-based token to reduce the chances of abuse.
Command and Control
The Instagram API can be used to make Instagram a C&C server. An open source tool "Social-media-c2" uses the like functionality on Instagram to send commands to infected machines.
Exfiltration
None
Download
None
Service Provider
Facebook
Sample
Created: 2021-11-13
Last Update: 2021-11-13
Credits: @TalenceSecurity, @mattnotmax