← Back to Actors
HEXANE
HEXANELyceumSiamesekittenSpirlin
[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. [HEXANE](https://attack.mitre.org/groups/G1001)'s TTPs appear similar to [APT33](https://attack.mitre.org/groups/G0064) and [OilRig](https://attack.mitre.org/groups/G0049) but due to differences in victims and tools it is tracked as a separate entity.(Citation: Dr...
36
Techniques
32
Covered
4
Gaps
89%
Coverage
Coverage32/36
GAPS (4)
COVERED (32)
T1010Application Window Discovery1 det.T1016System Network Configuration Discovery35 det.T1016.001Internet Connection Discovery6 det.T1018Remote System Discovery46 det.T1021.001Remote Desktop Protocol51 det.T1027.010Command Obfuscation31 det.T1033System Owner/User Discovery59 det.T1049System Network Connections Discovery21 det.T1053.005Scheduled Task82 det.T1056.001Keylogging4 det.T1057Process Discovery18 det.T1059.001PowerShell338 det.T1059.005Visual Basic66 det.T1069.001Local Groups35 det.T1082System Information Discovery80 det.T1102.002Bidirectional Communication14 det.T1105Ingress Tool Transfer170 det.T1110Brute Force85 det.T1110.003Password Spraying65 det.T1204.002Malicious File397 det.T1518Software Discovery15 det.T1534Internal Spearphishing181 det.T1546.003Windows Management Instrumentation Event Subscription17 det.T1555Credentials from Password Stores38 det.T1555.003Credentials from Web Browsers15 det.T1567.002Exfiltration to Cloud Storage27 det.T1583.001Domains61 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1589.002Email Addresses2 det.T1591.004Identify Roles2 det.T1608.001Upload Malware2 det.