216.73.216.6

T1016.001: Internet Connection Discovery

View on MITRE ATT&CK The MITRE Corporation · Published 17/03/2021 16:28 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID
T1016.001
Confidence
100/100
Revoked
No
Published
17/03/2021 16:28
Modified
27/03/2026 01:08
Author / Source
The MITRE Corporation

Aliases

T1016.001

Platforms

windows macos linux ESXi

Description

Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using [Ping](https://attack.mitre.org/software/S0097), `tracert`, and GET requests to websites, or performing initial speed testing to confirm bandwidth. Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.

Kill chain phases

Kill chainPhase
mitre-attack discovery

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.