Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)

Analyzing a call stack for return addresses which point to unexpected memory locations.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36)	Attack Pattern	Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	1
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	1
Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	1
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b)	Attack Pattern	Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	1
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	1
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	1
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0)	MITRE D3FEND	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	2
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	2