GCMAN

🔴 High
Also known as: G0036, GCMAN

🌍 Country Russia
⚑ Risk Level High
🧭 ATT&CK G0036
Bank

Introduction

GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. [3]

Activities and Tactics

Targeted Sectors: Bank

Country of Origin: 🇷🇺 Russia

Risk Level: High

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CyberGate
  • Cyber Eye RAT
  • 9002

Attribution and Evidence

Country of Origin: Russia

Additional attribution information pending cataloguing.

References

[1] mitre-attack

[3] Securelist GCMAN: Kaspersky Lab’s Global Research & Analysis Team. (2016, February 8). APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.