From 57d7b14f73289f283951a4f44cb9ae5a293bfd69 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 20 Sep 2016 07:31:47 +0200 Subject: [PATCH] GCMAN added --- elements/adversary-groups.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/elements/adversary-groups.json b/elements/adversary-groups.json index aaec209..0aae8ab 100644 --- a/elements/adversary-groups.json +++ b/elements/adversary-groups.json @@ -934,6 +934,11 @@ "value": "TA530", "refs": ["https://www.proofpoint.com/us/threat-insight/post/malicious-macros-add-to-sandbox-evasion-techniques-to-distribute-new-dridex"], "description": "TA530, who we previously examined in relation to large-scale personalized phishing campaigns " + }, + { + "value": "GCMAN", + "description": "GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services.", + "refs": ["https://securelist.com/blog/research/73638/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/"] } ] }