Global median dwell time continues to go down, but we started tracking several hundred new threat actors and malware families.

To all active and aspiring malware analysts, the FLARE team is honored to announce that the popular Flare-On challenge will return for a triumphant seventh year.

The recent WannaCry ransomware takes advantage of a Server Message Block vulnerability to compromise Windows machines, load malware, and propagate to other machines in a network.

We have discovered a new backdoor uploaded by a U.S.-based entity to a public malware repository in August 2020 that we have named SUNSHUTTLE.

We are excited to announce version 2.0 of our open-source tool, capa, which supports both malware triage and deep dive reverse engineering.

We recently worked on a new C# variant of Dark Crystal RAT and now aim to help defenders look for indicators of compromise and other telltale signs of this malware.

Intel (API v4), The Mandiant Integration for Siemplify enriches existing entities and IOCs in Siemplify with Mandiant Threat Intelligence data, including related entities and additional malware details.

Intel (API v4), The Open CTI integration collects intelligence from Mandiant, including, indicators, threat actors, malware families, and vulnerabilities; and makes the data available in the Open CTI platform

Intel (API v4), The Anomali integration with Mandiant provides access to contextually rich threat intelligence from Mandiant including indicators of compromise, threat actors, malware families, and finished intelligence reports.

We observed several high-volume FormBook malware distribution campaigns taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the third quarter of 2017.