T1016.001
Internet Connection Discovery
Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using [Ping](https://attack.mitre.org/software/S0097), `tracert`, and GET requests to websites, or performing initial speed testing to confirm bandwidth. Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to ...
Windows, Linux, macOS, ESXi
6 Detections, 2 Sources, 11 Threat Actors
BY SOURCE
elastic: 5, splunk_escu: 1
PROCEDURES (5)
Dns: 2 detections
Auto-extracted: 2 detections for dns
Service: 1 detection
Auto-extracted: 1 detection for service
Service: 1 detection
Auto-extracted: 1 detection for service
Process Creation Monitoring: 1 detection
Auto-extracted: 1 detection for process creation monitoring
Script Execution Monitoring: 1 detection
Auto-extracted: 1 detection for script execution monitoring
THREAT ACTORS (11)
DETECTIONS (6)
DNS Request for IP Lookup Service via Unsigned Binary
elastic (medium)
Enumeration Command Spawned via WMIPrvSE
elastic (low)
External IP Address Discovery via Curl
elastic (low)
Network Discovery Using Route Windows App
splunk_escu
Suspicious PDF Reader Child Process
elastic (low)
System Public IP Discovery via DNS Query
elastic (high)