Hide Navigation Hide TOC Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) Analyzing a call stack for return addresses which point to unexpected memory locations. Cluster A Galaxy A Cluster B Galaxy B Level Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND 1 Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND Exploitation for Credential Access - T1212 (9c306d8d-cde7-4b4c-b6e8-d0bb16caca36) Attack Pattern 1 Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 1 Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND 1 Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND 1 Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 1 Memory Boundary Tracking (aa139b8e-02a6-530a-8b44-902ad7d8cca0) MITRE D3FEND Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) Attack Pattern 1 Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2 Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 2