GCMAN is a Russian-based APT group. Their campaigns focused on the finance industry, aiming to transfer money from banks to e-currency services. Their attacks date from 2015, and in 2017 they were inactive.
GCMAN has been targeting Russian banks since 2015 using spearphishing.
GCMAN focused on targeting finance in the Russian government.
GCMAN relied on open-source tools like VNC (a GUI tool used to remotely control another computer) and PuTTY (a file transfer tool), and on pentesting tools like Metasploit Meterpreter.
They used spearphishing emails to get into the victim network. The spearphishing emails contain malicious (.RAR) attachments; once an attachment is opened, an executable runs and the victim is infected. GCMAN also used other techniques, such as planting a cron script on the bank server to generate financial transactions at the rate of $200 per minute. Another technique is exploiting SQL injection to get into the victim company and then move laterally through the network.
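A defender-side sketch of how the scripted per-minute transfers described above could be spotted in a ledger: it flags any originating host that posts the same total in consecutive minutes. This is an added example, not from the original write-up; the log format, host and account names, and the `min_run` threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger: timestamp, originating host, destination, amount (USD).
SAMPLE_LOG = """\
2016-01-10T02:00:03 batch-srv01 ewallet-7731 200.00
2016-01-10T02:01:02 batch-srv01 ewallet-7731 200.00
2016-01-10T02:02:03 batch-srv01 ewallet-7731 200.00
2016-01-10T02:03:02 batch-srv01 ewallet-7731 200.00
2016-01-10T02:04:03 batch-srv01 ewallet-7731 200.00
2016-01-10T02:05:02 batch-srv01 ewallet-7731 200.00
2016-01-10T02:01:40 teller-12 acct-5521 1340.50
2016-01-10T02:02:10 teller-12 acct-9008 75.00
2016-01-10T02:03:55 teller-12 acct-1177 200.00
not-a-date teller-12 acct-1177 abc
"""

def parse(log):
    """Yield (minute, origin, amount) per well-formed line; skip malformed ones."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, amount = datetime.fromisoformat(parts[0]), float(parts[3])
        except ValueError:
            continue
        yield ts.replace(second=0, microsecond=0), parts[1], amount

def metronomic_origins(log, min_run=5):
    """Map origin -> (run length, total per minute) for origins that post the
    same total in at least min_run consecutive minutes (min_run is an assumption)."""
    per_minute = defaultdict(lambda: defaultdict(float))
    for minute, origin, amount in parse(log):
        per_minute[origin][minute] += amount
    flagged = {}
    for origin, buckets in per_minute.items():
        best, run, prev = (0, None), 0, None
        for minute in sorted(buckets):
            cur = (minute, round(buckets[minute], 2))
            steady = prev and cur[0] - prev[0] == timedelta(minutes=1) and cur[1] == prev[1]
            run = run + 1 if steady else 1
            if run > best[0]:
                best = (run, cur[1])
            prev = cur
        if best[0] >= min_run:
            flagged[origin] = best
    return flagged
```

Calling `metronomic_origins(SAMPLE_LOG)` flags only the constructed `batch-srv01` host; the irregular teller traffic and the malformed line are ignored.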