🛡️Threat Research Indicators

Resources | The Online Operations Killchain | FAQ | License

Welcome to the Meta Threat Research Indicator Repository, a dedicated resource for the sharing of Indicators of Compromise (IOCs) and other threat indicators with the external research community

📚 Resources

• Threat Reports: For comprehensive threat analysis, visit our Transparency Center
• IOC & Threat Indicator Folders: Access the repository of Indicators of Compromise and threat indicators here
• Index of tactics, techniques and procedures (TTPs) : For an index of the current TTPs here

🛠️ The Online Operations Killchain

To help the broader research community to study and protect people across different internet services, we’ve collated and organized these indicators according to the Online Operations Kill Chain framework, which we use at Meta to analyze many sorts of malicious online operations, identify the earliest opportunities to disrupt them, and share information across investigative teams. The kill chain describes the sequence of steps that threat actors go through to establish a presence across the internet, disguise their operations, engage with potential audiences, and respond to takedowns.

This section includes the latest threat indicators and is not meant to provide a full cross-internet, historic view into these operations. It’s important to note that, in our assessment, the mere sharing of these operations’ links or engaging with them by online users would be insufficient to attribute accounts to a given campaign without corroborating evidence.

📋 Published Threat Indicators

Date	Report	Origin	Targets
H1 2026	Russia-Based Influence Operation Network Targeting Eastern Europe	Russia	Eastern Europe
H1 2026	Deep Dive: Domestic Pakistani Activity Displaying Wide Use of AI	Pakistan	Pakistan
H1 2026	China-Based Influence Operation Network Targeting Taiwan	China	Taiwan
H1 2026	Iran-Based Influence Operation Network Targeting Azerbaijan	Iran	Azerbaijan
H1 2026	Deep Dive: Dissecting the Kill Chain of an Early-Stage Iranian Influence Operation	Iran	United States, Iraq
H1 2026	Russia-Based Influence Operation Network Targeting Sub-Saharan Africa	Russia	Sub-Saharan Africa
H2 2025	Moldova-Based Influence Operation Network Targeting Moldova	Moldova	Moldova
H2 2025	India-Based Influence Operation Network Targeting India	India	India
H2 2025	Poland-Based Influence Operation Network Targeting Poland	Poland	Poland
H2 2025	Belarus, Russia-Based Influence Operation Network Targeting Poland	Belarus, Russia	Poland
H2 2025	Russian Use of Authentic Operators in SSA	Russia	Sub-Saharan Africa
H2 2025	Updating Attribution of Persistent Iranian Influence Operation to “Endless Mayfly”	Iran	United States, France, Israel, United Kingdom

❓ FAQ

Why are you releasing this?

We’re sharing these threat indicators in this format to enable further research by the open-source community into any related activity across the web. Note that we’ve been sharing threat indicators in PDF format for years as part of our regular threat reporting

How were these indicators identified?

Meta employs a diverse array of techniques to identify malware and malicious activities. We do not typically disclose our exact methods publicly.

How often are the Indicators of Compromise (IOCs) updated?

We regularly update the IOCs as part of our broader threat reporting. For further threat analysis, visit our Transparency Center

📝 License

All the data in this repository is provided under the MIT License. For the full license text, refer to the LICENSE file.