Suspicious Shim Database Patching Activity (bf344fea-d947-4ef4-9192-34d008315d3a)

Detects installation of new shim databases that try to patch sections of known processes for potential process injection or persistence.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) | Attack Pattern | Suspicious Shim Database Patching Activity (bf344fea-d947-4ef4-9192-34d008315d3a) | Sigma-Rules | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) | Attack Pattern | 2 |