T1016.001 - System Network Configuration Discovery: Internet Connection Discovery

Description from ATT&CK

Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using [Ping](https://attack.mitre.org/software/S0097), tracert, and GET requests to websites. Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.

Atomic Tests


Atomic Test #1 - Check internet connection using ping Windows

Check internet connection using ping on Windows. The default target of the ping is 8.8.8.8 (Google Public DNS).

Supported Platforms: Windows

auto_generated_guid: e184b6bd-fb28-48aa-9a59-13012e33d7dc

Inputs:

| Name | Description | Type | Default Value | |——|————-|——|—————| | ping_target | target of the ping | url | 8.8.8.8|

Attack Commands: Run with
1
command_prompt
!

ping -n 4 #{ping_target}



Atomic Test #2 - Check internet connection using ping freebsd, linux or macos

Check internet connection using ping on Linux, MACOS. The default target of the ping is 8.8.8.8 (Google Public DNS).

Supported Platforms: macOS, Linux

auto_generated_guid: be8f4019-d8b6-434c-a814-53123cdcc11e

Inputs:

| Name | Description | Type | Default Value | |——|————-|——|—————| | ping_target | target of the ping | url | 8.8.8.8|

Attack Commands: Run with
1
bash
!

1
ping -n 4 #{ping_target}