View on MITRE ATT&CK

T1016.001 - Internet Connection Discovery

Sub-technique
Tattiche:
Discovery
Piattaforme:
Windows Linux macOS ESXi
Rilevamento:
Not specified
Description:
Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using [Ping](https://attack.mitre.org/software/S0097), <code>tracert</code>, and GET requests to websites, or performing initial speed testing to confirm bandwidth.

Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.
Usato da Attori (11)
APT29
Nation-state
Turla
Nation-state
Gamaredon Group
Unknown
FIN8
Unknown
HAFNIUM
Unknown
FIN13
Unknown
TA2541
Unknown
Volt Typhoon
Unknown
HEXANE
Unknown
Magic Hound
Unknown
Lotus Blossom
Unknown
Malware (13)
QuietSieve other Havoc other PUBLOAD other Woody RAT other SUGARUSH other Neoichor other Rising Sun other DarkTortilla other GoldFinder other NKAbuse other More_eggs other SysUpdate other QakBot other
Metadata
MITRE ID: T1016.001
STIX ID: attack-pattern--132d5b37-aac5-...
Piattaforme: Windows, Linux, macOS, ESXi
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00