HEXANE

Techniques (MITRE ATT&CK)36

SourceMITRE ATT&CK

Also known as:LyceumSiamesekittenSpirlin

Vexday analysis

HEXANE (também rastreado como Lyceum, Siamesekitten e Spirlin) é um grupo de espionagem cibernética ativo pelo menos desde 2017, com foco em organizações dos setores de petróleo e gás, telecomunicações, aviação e provedores de serviços de internet. As campanhas documentadas tiveram como alvo empresas localizadas no Oriente Médio e na África, incluindo Israel, Arábia Saudita, Kuwait, Marrocos e Tunísia. Embora suas TTPs apresentem semelhanças com as dos grupos APT33 e OilRig, diferenças nas vítimas e nas ferramentas utilizadas justificam seu rastreamento como entidade distinta. O grupo possui 36 técnicas documentadas no MITRE ATT&CK, onde é identificado pelo código G1001.

Techniques (MITRE ATT&CK) 36

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Gather Victim Identity Information Email Addresses Identify Roles

Resource development

Domains DNS Server Social Media Accounts Email Accounts Email Accounts Tool Upload Malware

Execution

Scheduled Task PowerShell Visual Basic Malicious File

Privilege escalation

Windows Management Instrumentation Event Subscription

Credential access

Brute Force Password Spraying Credentials from Password Stores Credentials from Web Browsers

Discovery

Application Window Discovery System Network Configuration Discovery Internet Connection Discovery Remote System Discovery System Owner/User Discovery System Network Connections Discovery Process Discovery Local Groups System Information Discovery Software Discovery

Lateral movement

Remote Desktop Protocol Internal Spearphishing

Collection

Keylogging

Command and control

Bidirectional Communication Ingress Tool Transfer

Exfiltration

Exfiltration to Cloud Storage

stealth

Command Obfuscation

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

HEXANE uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →