diff --git a/indicators/facebook-pl-5b1aed4d.yml b/indicators/facebook-pl-5b1aed4d.yml
new file mode 100644
index 00000000..c2e6c5c7
--- /dev/null
+++ b/indicators/facebook-pl-5b1aed4d.yml
@@ -0,0 +1,21 @@
+title: facebook-pl-5b1aed4d
+description: |
+  A phishing kit using fake and alarming
+  news articles to trick users into
+  giving away their Facebook login 
+  credentials.
+level: potentially_malicious
+references:
+  - https://urlscan.io/result/5b1aed4d-e436-4849-8c76-9ff9a6638902
+  - https://urlscan.io/result/0a95517f-9263-46d0-82ab-8c52bb40b13d
+
+detection:
+
+  embeddedVideo:
+    requests|contains: 'https://www.youtube.com/embed/3rH4-ib6IxQ'
+    
+  condition: embeddedVideo
+  
+tags:
+  - target_country.poland
+  - target.facebook