Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 21:48:20 UTC
Home > List all groups > List all tools > List all groups using tool GCMAN
 Tool: GCMAN
Names GCMAN
Category Malware
Type Banking trojan
Description
(Kaspersky) The initial infection mechanism is handled by spear-phishing. A financial
institution is targeted with e-mails carrying a malicious RAR archive. When the RAR
archive is opened an executable is started instead of a Microsoft Word document,
resulting in infection. The group also plants a cron script into the bank's server to generate
financial transactions at the rate of $200 per minute.
Information
Malpedia AlienVault OTX Last change to this tool card: 13 May 2020
Download this tool card in JSON format
All groups using tool GCMAN
Changed Name Country Observed
APT groups
 GCMAN 2016
1 group listed (1 APT, 0 other, 0 unknown)
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e825b6cc-cf52-4c62-936c-8ca786176b8d
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e825b6cc-cf52-4c62-936c-8ca786176b8d
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e825b6cc-cf52-4c62-936c-8ca786176b8d
Page 2 of 2

APT groups  GCMAN 2016 
1 group listed (1 APT, 0 other, 0 unknown) 
   Page 1 of 2