LoFP
/
t1218.003
t1218.003
Title
Tags
legitimate cmstp use (unlikely in modern enterprise environments)
t1218
t1218.003
t1548
t1548.002
t1559
t1559.001
windows
sigma
legitimate process that are not in the exception list may trigger this event.
t1218
t1218.003
endpoint
splunk
legitimate use of cmstp.exe utility by legitimate user
t1218
t1218.003
t1548
t1548.002
windows
sigma
legitimate windows application that are not on the list loading this dll. filter as needed.
t1218
t1218.003
endpoint
splunk
not so common. but 3rd part app may load this dll.
t1218
t1218.003
endpoint
splunk
unikely
t1218
t1218.003
windows
sigma