check Internet connectivity via WinINet

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: check Internet connectivity via WinINet
    namespace: host-interaction/network/connectivity
    authors:
      - matthew.williams@mandiant.com
      - michael.hunhoff@mandiant.com
    scopes:
      static: basic block
      dynamic: unsupported  # requires mnemonic features
    att&ck:
      - Discovery::System Network Configuration Discovery::Internet Connection Discovery [T1016.001]
    examples:
      - 648FC498110B11B4313A47A776E6BA40:0x6633F0
  features:
    - or:
      - and:
        - or:
          - api: wininet.InternetGetConnectedState
          - api: wininet.InternetCheckConnection
        - optional:
          - instruction:
            - mnemonic: cmp
            - or:
              - number: 0 = FALSE
              - number: 1 = TRUE
      - api: wininet.InternetAttemptConnect

last edited: 2023-11-24 10:34:28