← Back to Actors
HEXANE
HEXANELyceumSiamesekittenSpirlin
[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. [HEXANE](https://attack.mitre.org/groups/G1001)'s TTPs appear similar to [APT33](https://attack.mitre.org/groups/G0064) and [OilRig](https://attack.mitre.org/groups/G0049) but due to differences in victims and tools it is tracked as a separate entity.(Citation: Dr...
36
Techniques
32
Covered
4
Gaps
89%
Coverage
Coverage32/36
GAPS (4)
COVERED (32)
T1010Application Window Discovery1 det.T1016System Network Configuration Discovery39 det.T1016.001Internet Connection Discovery6 det.T1018Remote System Discovery50 det.T1021.001Remote Desktop Protocol53 det.T1027.010Command Obfuscation38 det.T1033System Owner/User Discovery61 det.T1049System Network Connections Discovery22 det.T1053.005Scheduled Task99 det.T1056.001Keylogging4 det.T1057Process Discovery20 det.T1059.001PowerShell368 det.T1059.005Visual Basic68 det.T1069.001Local Groups37 det.T1082System Information Discovery86 det.T1102.002Bidirectional Communication15 det.T1105Ingress Tool Transfer183 det.T1110Brute Force90 det.T1110.003Password Spraying66 det.T1204.002Malicious File425 det.T1518Software Discovery17 det.T1534Internal Spearphishing193 det.T1546.003Windows Management Instrumentation Event Subscription18 det.T1555Credentials from Password Stores40 det.T1555.003Credentials from Web Browsers16 det.T1567.002Exfiltration to Cloud Storage29 det.T1583.001Domains61 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1589.002Email Addresses2 det.T1591.004Identify Roles2 det.T1608.001Upload Malware3 det.