T1016.001: Internet Connection Discovery
Essential information
- MITRE technique ID
T1016.001- Confidence
- 100/100
- Revoked
- No
- Published
- 17/03/2021 16:28
- Modified
- 27/03/2026 01:08
- Author / Source
- The MITRE Corporation
Aliases
T1016.001
Platforms
windows macos linux ESXi
Description
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-attack | discovery |
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (13)
-
The MITRE Corporation Confidence 100
[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology,…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[FIN13](https://attack.mitre.org/groups/G1016) is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. [FIN13](https://attack.mitre.org/groups/G1016) achieves…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Thrip](https://attack.mitre.org/groups/G0076) is an espionage group that has targeted satellite communications, telecoms, and defense contractor companies in the U.S. and Southeast Asia. The group uses custom malware as well…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TA2541 usesThe MITRE Corporation Confidence 100
[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Venom Spider usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[HAFNIUM](https://attack.mitre.org/groups/G0125) is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. [HAFNIUM](https://attack.mitre.org/groups/G0125) primarily targets entities in the US…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TwoNet usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT29](https://attack.mitre.org/groups/G0016) is threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Magic Hound](https://attack.mitre.org/groups/G0059) is an Iranian-sponsored threat group that conducts long term, resource-intensive cyber espionage operations, likely on behalf of the Islamic Revolutionary Guard Corps. They have targeted European,…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Malware (20)
-
SUGARUSH uses
-
GoldFinder usesFamily The MITRE Corporation Confidence 100
[GoldFinder](https://attack.mitre.org/software/S0597) is a custom HTTP tracer tool written in Go that logs the route a packet takes between a compromised network and a C2 server. It can be…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Neoichor usesFamily The MITRE Corporation Confidence 100
[Neoichor](https://attack.mitre.org/software/S0691) is C2 malware used by [Ke3chang](https://attack.mitre.org/groups/G0004) since at least 2019; similar malware families used by the group include Leeson and Numbldea.(Citation: Microsoft NICKEL December 2021)
First seen 01/01/1970 · Last seen 16/11/5138 · -
QuackBot usesFamily
-
More_eggs - S0284 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ValleyRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
SRBMiner usesFamily
-
Hijackloader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Reports (4)
-
Threat landscape — insurance relatedConfidence 100 199 MITREs 11 APTs
-
7 MITREs 1 Malware 10 Observables 1 APT
-
9 MITREs 1 Malware 3 Observables
-
7 MITREs 1 Malware 2 Observables
Campaign (2)
-
Operation Wocao uses
-
SolarWinds Compromise uses