Flocker is a ransomware threat actor, also referred to as “FSociety ransomware.” In June 2025, CYFIRMA reported (based on underground forum observations) that Flocker/FSociety claimed to have compromised the Department of Land and Real Estate Regulation in Ajman, United Arab Emirates. No additional high-confidence details on Flocker’s tooling, initial access methods, victimology beyond this claim, or specific tactics/techniques are provided in the available content.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Ransomware-as-a-Service operation using double extortion (encryption plus data theft/leak threats) with aggressive tactics and reported collaboration with other cybercriminal groups.
Ransomware actor listed as active in Q1 2025.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.