| ID | Name |
|---|---|
| ATAGS-T1126.001 | Chat Messages |
| ATAGS-T1126.002 | Cloud Instance Metadata API |
| ATAGS-T1126.003 | Container API |
| ATAGS-T1126.004 | Credentials In Files |
| ATAGS-T1126.005 | Credentials in Registry |
| ATAGS-T1126.006 | Group Policy Preferences |
| ATAGS-T1126.007 | Private Keys |
| ATAGS-T1126.008 | Shell History |
Threat Actors may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.