GROUPS

Overview admin@338 APT1 APT12 APT16 APT17 APT18 APT19 APT28 APT29 APT3 APT30 APT32 APT33 APT37 APT38 APT39 Axiom BlackOasis BRONZE BUTLER Carbanak Charming Kitten Cleaver Cobalt Group CopyKittens Dark Caracal Darkhotel DarkHydrus Deep Panda Dragonfly Dragonfly 2.0 DragonOK Dust Storm Elderwood Equation FIN10 FIN4 FIN5 FIN6 FIN7 FIN8 Gallmaker Gamaredon Group GCMAN Gorgon Group Group5 Honeybee Ke3chang Lazarus Group Leafminer Leviathan Lotus Blossom Magic Hound menuPass Moafee Molerats MuddyWater Naikon NEODYMIUM Night Dragon OilRig Orangeworm Patchwork PittyTiger PLATINUM Poseidon Group PROMETHIUM Putter Panda Rancor RTM Sandworm Team Scarlet Mimic Silence SilverTerrier Soft Cell Sowbug Stealth Falcon Stolen Pencil Strider Suckfly TA459 TA505 Taidoor TEMP.Veles The White Company Threat Group-1314 Threat Group-3390 Thrip Tropic Trooper Turla Winnti Group WIRTE

Overview A-B

admin@338 APT1 APT12 APT16 APT17 APT18 APT19 APT28 APT29 APT3 APT30 APT32 APT33 APT37 APT38 APT39 Axiom BlackOasis BRONZE BUTLER

C-D

Carbanak Charming Kitten Cleaver Cobalt Group CopyKittens Dark Caracal Darkhotel DarkHydrus Deep Panda Dragonfly Dragonfly 2.0 DragonOK Dust Storm

E-F

Elderwood Equation FIN10 FIN4 FIN5 FIN6 FIN7 FIN8

G-H

Gallmaker Gamaredon Group GCMAN Gorgon Group Group5 Honeybee

I-J

No groups

K-L

Ke3chang Lazarus Group Leafminer Leviathan Lotus Blossom

M-N

Magic Hound menuPass Moafee Molerats MuddyWater Naikon NEODYMIUM Night Dragon

O-P

OilRig Orangeworm Patchwork PittyTiger PLATINUM Poseidon Group PROMETHIUM Putter Panda

Q-R

Rancor RTM

S-T

Sandworm Team Scarlet Mimic Silence SilverTerrier Soft Cell Sowbug Stealth Falcon Stolen Pencil Strider Suckfly TA459 TA505 Taidoor TEMP.Veles The White Company Threat Group-1314 Threat Group-3390 Thrip Tropic Trooper Turla

U-V

No groups

W-X

Winnti Group WIRTE

Y-Z

No groups

GCMAN

GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. ^[1]

ID: G0036

Version: 1.0

Techniques Used

Domain	ID	Name	Use
Enterprise	T1021	Remote Services	GCMAN uses Putty and VNC for lateral movement.^[1]

References

Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.