🍎

T1016.001

System Network Configuration Discovery Internet Connection Discovery

Description from ATT&CK

Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using Ping, tracert, and GET requests to websites, or performing initial speed testing to confirm bandwidth.

Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.

Tests

Test #1 - Test Internet connection

Adversaries may check for Internet connectivity on compromised systems.

⚠️ TCC Required

Input Arguments:

ArgumentTypeDefault Value
testURLstrhttps://www.google.com
tell application "Safari"
  try
      activate
      -- Open the URL in a new tab
      tell window 1
          set current tab to (make new tab with properties {URL:"https://www.google.com"})
      end tell

      -- Wait for page to load
      delay 3

      -- Check if page loaded successfully by checking the URL or title
      set currentURL to URL of current tab of window 1
      set pageTitle to name of current tab of window 1

      -- Close the test tab
      close current tab of window 1

      -- Check if we got a valid result
      if currentURL contains "https://www.google.com" and pageTitle does not contain "can't" and pageTitle does not contain "error" then
        set connectionResult to true
      else
        set connectionResult to false
      end if

  on error
    set connectionResult to false
  end try

  try
    quit
  end try
  return connectionResult
end tell

Download Files

Download .scpt Download .swift Download Binary Download Application Bundle

References

T1010

Application Window Discovery

T1018

Remote System Discovery

On this page

Description from ATT&CK
Tests
Test #1 - Test Internet connection
References