k8s.io-kubernetes-v0.0.0-20260616171728-41b7f6da7dfa.zip

ZIP

BENIGN

70ef7bfede2ffcf941be57023cad73f537ef6f017253c80df3e273454910a799

AI Legitimate Kubernetes source code archive

Mal-ecule

K₂(McTe)O₁₄(AlAs₁₀C₁₄Ca₅Dy₇Er₅Eu₂I₇LaP₆Pr₂S₂Co₂Xe₄)H₇(Cm₃₂F₂₅Os₂₆Cr₄Db₁₆Po₂₂Ti)Md₄(BiBk)

Size 22.7 MB download

First seen 1 day ago

Analyzed 21 hours ago

Ecosystem go

Source proxy.golang.org

PowerShell script detecting emulator or sandbox environment

PowerShell downloads archive then executes

Go portForward/tunnelForward module

Orchestration credential paths

Systemd service modification and reload

Invoke-WebRequest cmdlet (iwr/wget/curl alias)

Restart=always directive

Systemd service file path reference

unzip extracts archive to directory

WantedBy autostart-enrollment directive

checking for firewall tool availability

k8s.io-kubernetes-v0.0.0-20260616171728-41b7f6da7dfa.zip zip

0	PK��E��k8s.io/kube[email protected]/.geneUser information fingerprinting

Objectives

command-and-control/channel/deaddrop URL dead drop / indirection pattern

command-and-control/trigger Go package init() runs network I/O on import

command-and-control/backdoor/proxy Go portForward/tunnelForward module

command-and-control/dropper/execution Hidden PowerShell Get-Content IEX

credential-access/files Go reads SSH private key paths

credential-access/vpn Go PAN-OS OpenVPN client key

evasion/anti-av/platform Embedded Defender exclusion cmdlet

exfiltration/stealer/credential Go system secret path list

impact/dos NetScaler dd zero source

0x1201
0x3a2a
0x550f
0x5687
0x5aa
0xdcf

supply-chain/recon-exfil curl queries cloud metadata service

Micro-behaviors

fs/delete lu4p/shred secure deletion library

0x1467 ×2
0x12104
0x1476
0x27d
0x292
0x299
0x2ac
0x2b7

20 of 141 traits shown

Identity

SHA-256	70ef7bfede2ffcf941be57023cad73f537ef6f017253c80df3e273454910a799
Canonical SHA-256	0028c2f78748af07c3b652fb76d15f8d0a47e2dbd902d4eea710bb55657def27
Filename	k8s.io-kubernetes-v0.0.0-20260616171728-41b7f6da7dfa.zip
Package	k8s.io/kubernetes
Version	v0.0.0-20260616171728-41b7f6da7dfa

Origin

Source	forager
Feed	pkg.go.dev
Ecosystem	go
Domain	golang.org
URL	https://proxy.golang.org/k8s.io/kubernetes/@v/v0.0.0-20260616171728-41b7f6da7dfa.zip

Timeline

First seen	16 Jun 2026 14:37 UTC
First analyzed	17 Jun 2026 00:14 UTC
Last analyzed	17 Jun 2026 00:14 UTC
Last updated	17 Jun 2026 00:14 UTC

Labeling

Label	unknown
Label source	forager
Traits version	27202

Not seeing what you expected? Let us know