Skip to content


GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. 1

Item Value
ID G0036
Associated Names
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1021 Remote Services -
enterprise T1021.004 SSH GCMAN uses Putty for lateral movement.1
enterprise T1021.005 VNC GCMAN uses VNC for lateral movement.1