Mandiant is a US-based cybersecurity company that was acquired by Google Cloud in 2022. Mandiant was originally founded as Red Cliff Consulting in 2004 before rebranding in 2006. Mandiant gained significant fame in February 2013 when it released the APT1 report, a report detailing and implicating China's efforts, specifically China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398), in cyber espionage.
In December 2013, Mandiant was acquired by FireEye, and the combined company offered incident response, consulting, and proactive services, managed detection and response (MDR), and various cybersecurity products. The FireEye name and product line were sold to Symphony Technology Group in June 2021.
In March 2022, Google announced its plans to acquire Mandiant and integrate it in Google Cloud. The acquisition was completed in September 2022. The Mandiant brand will be retained as a part of Google Cloud.
Since its inception, Mandiant has significant contributions to the DFIR community, including (but not limited to):
- Discovery and release of new forensic artifacts.
- Disclosure of threat intelligence reports and threat actor TTPs.
- Release and maintenance of free, open or closed source tools.
List of Mandiant Tools
|capa||Open source tool to identify capabilities within an executable file||4.0.1||Active||Link|
|Commando-VM||A Windows-based security distribution for penetration testing and red teaming||N/A||Active||Link|
|First Response||An agent-based incident response tool.||N/A||Deprecated||N/A|
|Flare-VM||A Windows-based security distribution for malware analysis, incident response, and other cybersecurity activities||3.0.1||Active||Link|
|Floss (Flare Obfuscated String Solver)||A tool to automatically extract obfuscated strings from malware||2.1.0||Active||Link|
|Red Curtain||Originally released at BlackHat Federal in 2007, this tool was described as a malware detection product||N/A||Deprecated||N/A|
|Web Historian||A free tool to parse web browser history from FireFox 2/3+, Chrome 3+, and Internet Explorer versions 5 through 8||2.0||Active||Link|