Skip to content

Hide Navigation Hide TOC

New Custom Shim Database Created (ee63c85c-6d51-4d12-ad09-04e25877a947)

Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time.

Cluster A Galaxy A Cluster B Galaxy B Level
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern New Custom Shim Database Created (ee63c85c-6d51-4d12-ad09-04e25877a947) Sigma-Rules 1
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2