Resources | The Online Operations Killchain | FAQ | License

Welcome to the Meta Threat Research Indicator Repository, a dedicated resource for the sharing of Indicators of Compromise (IOCs) and other threat indicators with the external research community

• Threat Reports: For comprehensive threat analysis, visit our Transparency Center
• IOC & Threat Indicator Folders: Access the repository of Indicators of Compromise and threat indicators here
• Index of tactics, techniques and procedures (TTPs) : For an index of the current TTPs here

To help the broader research community to study and protect people across different internet services, we’ve collated and organized these indicators according to the Online Operations Kill Chain framework, which we use at Meta to analyze many sorts of malicious online operations, identify the earliest opportunities to disrupt them, and share information across investigative teams. The kill chain describes the sequence of steps that threat actors go through to establish a presence across the internet, disguise their operations, engage with potential audiences, and respond to takedowns.

This section includes the latest threat indicators and is not meant to provide a full cross-internet, historic view into these operations. It’s important to note that, in our assessment, the mere sharing of these operations’ links or engaging with them by online users would be insufficient to attribute accounts to a given campaign without corroborating evidence.

Why are you releasing this?

We’re sharing these threat indicators in this format to enable further research by the open-source community into any related activity across the web. Note that we’ve been sharing threat indicators in PDF format for years as part of our regular threat reporting

How were these indicators identified?

Meta employs a diverse array of techniques to identify malware and malicious activities. We do not typically disclose our exact methods publicly.

How often are the Indicators of Compromise (IOCs) updated?

We regularly update the IOCs as part of our broader threat reporting. For further threat analysis, visit our Transparency Center

All the data in this repository is provided under the MIT License. For the full license text, refer to the LICENSE file.