GROUPS

Overview

admin@338

Ajax Security Team

APT-C-36

APT1

APT12

APT16

APT17

APT18

APT19

APT28

APT29

APT3

APT30

APT32

APT33

APT37

APT38

APT39

APT41

Axiom

BlackOasis

BlackTech

Blue Mockingbird

Bouncing Golf

BRONZE BUTLER

Carbanak

Chimera

Cleaver

Cobalt Group

CopyKittens

Dark Caracal

Darkhotel

DarkHydrus

DarkVishnya

Deep Panda

Dragonfly

Dragonfly 2.0

DragonOK

Dust Storm

Elderwood

Equation

Evilnum

FIN10

FIN4

FIN5

FIN6

FIN7

FIN8

Fox Kitten

Frankenstein

GALLIUM

Gallmaker

Gamaredon Group

GCMAN

GOLD SOUTHFIELD

Gorgon Group

Group5

HAFNIUM

Higaisa

Honeybee

Inception

Indrik Spider

Ke3chang

Kimsuky

Lazarus Group

Leafminer

Leviathan

Lotus Blossom

Machete

Magic Hound

menuPass

Moafee

Mofang

Molerats

MuddyWater

Mustang Panda

Naikon

NEODYMIUM

Night Dragon

OilRig

Operation Wocao

Orangeworm

Patchwork

PittyTiger

PLATINUM

Poseidon Group

PROMETHIUM

Putter Panda

Rancor

Rocke

RTM

Sandworm Team

Scarlet Mimic

Sharpshooter

Sidewinder

Silence

Silent Librarian

SilverTerrier

Sowbug

Stealth Falcon

Stolen Pencil

Strider

Suckfly

TA459

TA505

TA551

Taidoor

TEMP.Veles

The White Company

Threat Group-1314

Threat Group-3390

Thrip

Tropic Trooper

Turla

Volatile Cedar

Whitefly

Windigo

Windshift

Winnti Group

WIRTE

Wizard Spider

ZIRCONIUM

GROUPS

Overview

A-B

admin@338

Ajax Security Team

APT-C-36

APT1

APT12

APT16

APT17

APT18

APT19

APT28

APT29

APT3

APT30

APT32

APT33

APT37

APT38

APT39

APT41

Axiom

BlackOasis

BlackTech

Blue Mockingbird

Bouncing Golf

BRONZE BUTLER

C-D

Carbanak

Chimera

Cleaver

Cobalt Group

CopyKittens

Dark Caracal

Darkhotel

DarkHydrus

DarkVishnya

Deep Panda

Dragonfly

Dragonfly 2.0

DragonOK

Dust Storm

E-F

Elderwood

Equation

Evilnum

FIN10

FIN4

FIN5

FIN6

FIN7

FIN8

Fox Kitten

Frankenstein

G-H

GALLIUM

Gallmaker

Gamaredon Group

GCMAN

GOLD SOUTHFIELD

Gorgon Group

Group5

HAFNIUM

Higaisa

Honeybee

I-J

Inception

Indrik Spider

K-L

Ke3chang

Kimsuky

Lazarus Group

Leafminer

Leviathan

Lotus Blossom

M-N

Machete

Magic Hound

menuPass

Moafee

Mofang

Molerats

MuddyWater

Mustang Panda

Naikon

NEODYMIUM

Night Dragon

O-P

OilRig

Operation Wocao

Orangeworm

Patchwork

PittyTiger

PLATINUM

Poseidon Group

PROMETHIUM

Putter Panda

Q-R

Rancor

Rocke

RTM

S-T

Sandworm Team

Scarlet Mimic

Sharpshooter

Sidewinder

Silence

Silent Librarian

SilverTerrier

Sowbug

Stealth Falcon

Stolen Pencil

Strider

Suckfly

TA459

TA505

TA551

Taidoor

TEMP.Veles

The White Company

Threat Group-1314

Threat Group-3390

Thrip

Tropic Trooper

Turla

U-V

Volatile Cedar

W-X

Whitefly

Windigo

Windshift

Winnti Group

WIRTE

Wizard Spider

Y-Z

ZIRCONIUM

GCMAN

GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. ^[1]

ID: G0036

Version: 1.1

Created: 31 May 2017

Last Modified: 30 March 2020

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Enterprise	T1021	.004	Remote Services: SSH	GCMAN uses Putty for lateral movement.^[1]
		.005	Remote Services: VNC	GCMAN uses VNC for lateral movement.^[1]

References

Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.

GCMAN

Enterprise Layer

Techniques Used

References