Skip to content

Y-Security

G0036 GCMAN

G0036 GCMAN

GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. ¹

Item	Value
ID	G0036
Associated Names
Version	1.1
Created	31 May 2017
Last Modified	30 March 2020
Navigation Layer	View In ATT&CK® Navigator

Techniques Used

Domain	ID	Name	Use
enterprise	T1021	Remote Services	-
enterprise	T1021.004	SSH	GCMAN uses Putty for lateral movement.¹
enterprise	T1021.005	VNC	GCMAN uses VNC for lateral movement.¹

References

Kaspersky Lab’s Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016. ↩↩↩