GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. [1]

ID: G0036
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1021.004 | Remote Services: SSH | GCMAN uses PuTTY for lateral movement.[1] |
| Enterprise | T1021.005 | Remote Services: VNC | GCMAN uses VNC for lateral movement.[1] |