Outbound Network Connection Initiated By Cmstp.EXE (efafe0bf-4238-479e-af8f-797bd3490d2d)

Detects a network connection initiated by Cmstp.EXE. It's uncommon for "cmstp.exe" to initiate an outbound network connection. Investigate the source of such requests to determine if they are malicious.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Outbound Network Connection Initiated By Cmstp.EXE (efafe0bf-4238-479e-af8f-797bd3490d2d) | Sigma-Rules | CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) | Attack Pattern | 1 |
| CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |