HEXANE

G1001 · Espionage · MITRE ATT&CK

Also known as: Lyceum · Siamesekitten · Spirlin

Overview

HEXANE is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. HEXANE's TTPs appear similar to APT33 and OilRig, but due to differences in victims and tools, it is tracked as a separate entity.

Targets

Defense · Education · Energy · Government · High-Tech · Military · Telecommunications

Regions

Israel · Middle East

Capabilities

  • Custom malware/implant development — ATT&CK: 5 attributed custom malware families

TTPs — 36 techniques across 11 tactics

Reconnaissance

Resource Development

Execution

Stealth

Lateral Movement

Collection

Command and Control

Exfiltration

Tools & malware (12)

Milan · Ping · netstat · BITSAdmin · Shark · DnsSystem · DanBot · Empire · ipconfig · Mimikatz · Kevin · PoshC2

Reporting (3)