GROUPS

Overview

admin@338

Ajax Security Team

ALLANITE

Andariel

Aoqin Dragon

APT-C-36

APT1

APT12

APT16

APT17

APT18

APT19

APT28

APT29

APT3

APT30

APT32

APT33

APT37

APT38

APT39

APT41

Aquatic Panda

Axiom

BackdoorDiplomacy

BITTER

BlackOasis

BlackTech

Blue Mockingbird

Bouncing Golf

BRONZE BUTLER

Carbanak

Chimera

Cleaver

Cobalt Group

Confucius

CopyKittens

Dark Caracal

Darkhotel

DarkHydrus

DarkVishnya

Deep Panda

Dragonfly

DragonOK

Earth Lusca

Elderwood

Ember Bear

Equation

Evilnum

EXOTIC LILY

Ferocious Kitten

FIN10

FIN4

FIN5

FIN6

FIN7

FIN8

Fox Kitten

GALLIUM

Gallmaker

Gamaredon Group

GCMAN

GOLD SOUTHFIELD

Gorgon Group

Group5

HAFNIUM

HEXANE

Higaisa

Inception

IndigoZebra

Indrik Spider

Ke3chang

Kimsuky

LAPSUS$

Lazarus Group

LazyScripter

Leafminer

Leviathan

Lotus Blossom

Machete

Magic Hound

menuPass

Moafee

Mofang

Molerats

Moses Staff

MuddyWater

Mustang Panda

Naikon

NEODYMIUM

Nomadic Octopus

OilRig

Orangeworm

Patchwork

PittyTiger

PLATINUM

POLONIUM

Poseidon Group

PROMETHIUM

Putter Panda

Rancor

Rocke

RTM

Sandworm Team

Scarlet Mimic

SideCopy

Sidewinder

Silence

Silent Librarian

SilverTerrier

Sowbug

Stealth Falcon

Strider

Suckfly

TA459

TA505

TA551

TeamTNT

TEMP.Veles

The White Company

Threat Group-1314

Threat Group-3390

Thrip

Tonto Team

Transparent Tribe

Tropic Trooper

Turla

Volatile Cedar

Whitefly

Windigo

Windshift

Winnti Group

WIRTE

Wizard Spider

ZIRCONIUM

GROUPS

Overview

A-B

admin@338

Ajax Security Team

ALLANITE

Andariel

Aoqin Dragon

APT-C-36

APT1

APT12

APT16

APT17

APT18

APT19

APT28

APT29

APT3

APT30

APT32

APT33

APT37

APT38

APT39

APT41

Aquatic Panda

Axiom

BackdoorDiplomacy

BITTER

BlackOasis

BlackTech

Blue Mockingbird

Bouncing Golf

BRONZE BUTLER

C-D

Carbanak

Chimera

Cleaver

Cobalt Group

Confucius

CopyKittens

Dark Caracal

Darkhotel

DarkHydrus

DarkVishnya

Deep Panda

Dragonfly

DragonOK

E-F

Earth Lusca

Elderwood

Ember Bear

Equation

Evilnum

EXOTIC LILY

Ferocious Kitten

FIN10

FIN4

FIN5

FIN6

FIN7

FIN8

Fox Kitten

G-H

GALLIUM

Gallmaker

Gamaredon Group

GCMAN

GOLD SOUTHFIELD

Gorgon Group

Group5

HAFNIUM

HEXANE

Higaisa

I-J

Inception

IndigoZebra

Indrik Spider

K-L

Ke3chang

Kimsuky

LAPSUS$

Lazarus Group

LazyScripter

Leafminer

Leviathan

Lotus Blossom

M-N

Machete

Magic Hound

menuPass

Moafee

Mofang

Molerats

Moses Staff

MuddyWater

Mustang Panda

Naikon

NEODYMIUM

Nomadic Octopus

O-P

OilRig

Orangeworm

Patchwork

PittyTiger

PLATINUM

POLONIUM

Poseidon Group

PROMETHIUM

Putter Panda

Q-R

Rancor

Rocke

RTM

S-T

Sandworm Team

Scarlet Mimic

SideCopy

Sidewinder

Silence

Silent Librarian

SilverTerrier

Sowbug

Stealth Falcon

Strider

Suckfly

TA459

TA505

TA551

TeamTNT

TEMP.Veles

The White Company

Threat Group-1314

Threat Group-3390

Thrip

Tonto Team

Transparent Tribe

Tropic Trooper

Turla

U-V

Volatile Cedar

W-X

Whitefly

Windigo

Windshift

Winnti Group

WIRTE

Wizard Spider

Y-Z

ZIRCONIUM

GCMAN

GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. ^[1]

ID: G0036

Version: 1.1

Created: 31 May 2017

Last Modified: 30 March 2020

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Enterprise	T1021	.004	Remote Services: SSH	GCMAN uses Putty for lateral movement.^[1]
		.005	Remote Services: VNC	GCMAN uses VNC for lateral movement.^[1]

References

Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.

GCMAN

Enterprise Layer

Techniques Used

References