GROUPS
GROUPS
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
No groups
  1. Home
  2. Groups
  3. GCMAN

GCMAN

GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. [1]

ID: G0036
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1021 .004 Remote Services: SSH

GCMAN uses Putty for lateral movement.[1]
.005 Remote Services: VNC

GCMAN uses VNC for lateral movement.[1]

References

  1. Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.