From 1373aed185ef5448db48434c56c4413c8f8c528c Mon Sep 17 00:00:00 2001
From: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com>
Date: Thu, 20 Jun 2024 22:29:20 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20Create=20IOK:=20facebook-pl-5b1a?=
 =?UTF-8?q?ed4d=20(#244)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🚀 Create IOK: facebook-pl-5b1aed4d

Create facebook-pl-5b1aed4d.yml

* Update facebook-pl-5b1aed4d.yml

Make changes suggested by Lightning

* Update facebook-pl-5b1aed4d.yml

Rollback changes
---
 indicators/facebook-pl-5b1aed4d.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 indicators/facebook-pl-5b1aed4d.yml

diff --git a/indicators/facebook-pl-5b1aed4d.yml b/indicators/facebook-pl-5b1aed4d.yml
new file mode 100644
index 00000000..c2e6c5c7
--- /dev/null
+++ b/indicators/facebook-pl-5b1aed4d.yml
@@ -0,0 +1,21 @@
+title: facebook-pl-5b1aed4d
+description: |
+  A phishing kit using fake and alarming
+  news articles to trick users into
+  giving away their Facebook login 
+  credentials.
+level: potentially_malicious
+references:
+  - https://urlscan.io/result/5b1aed4d-e436-4849-8c76-9ff9a6638902
+  - https://urlscan.io/result/0a95517f-9263-46d0-82ab-8c52bb40b13d
+
+detection:
+
+  embeddedVideo:
+    requests|contains: 'https://www.youtube.com/embed/3rH4-ib6IxQ'
+    
+  condition: embeddedVideo
+  
+tags:
+  - target_country.poland
+  - target.facebook