T1016.001SubTechniquediscoveryagent-callable

T1016.001Internet Connection Discovery

Sub-technique of T1016

Platforms: Windows · Linux · macOS

ATT&CK version: 14.1

What it is

Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using [Ping](https://attack.mitre.org/software/S0097), <code>tracert</code>, and GET requests to websites. Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.

ATT&CK tactics· 1

Discovery

References

  1. https://attack.mitre.org/techniques/T1016/001
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.
T1016.001: Internet Connection Discovery | SQUR Knowledge Base