Kubeletmein - A tool for abusing kubelet credentials
Tags
attack-pattern: Data Cloud Account - T1087.004 Cloud Account - T1136.003 Credentials - T1589.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID b59cf9da-6de5-4e0b-a4ce-fec700ffce64
Fingerprint 87fb50589fe519b5
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 6, 2018, 8 a.m.
Added to db Jan. 18, 2023, 10:45 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Kubeletmein - A tool for abusing kubelet credentials
Title Kubeletmein - A tool for abusing kubelet credentials
Detected Hints/Tags/Attributes 36/1/29
Source URLs
Redirection Url
Details Source https://www.4armed.com/blog/kubeletmein-kubelet-hacking-tool/
URL Provider
Details Provider Source level domain
Details 4armed.com www.4armed.com
Attributes
Details Type #Events CTI Value
Details Domain 4128 
github.com
Details Domain 50 
cloud.google.com
Details Domain 1 
docs.helm.sh
Details Domain 19 
rbac.authorization.k8s.io
Details Domain 2 
clusterrolebinding.rbac.authorization.k8s.io
Details Domain 48 
storage.googleapis.com
Details Domain 1 
github-production-release-asset-2e65be.s3.amazonaws.com
Details Domain 71 
kubernetes.io
Details Domain 2 
service-account.name
Details File 1 
clusterrolebinding.rb
Details File 2 
stable.txt
Details File 5 
ca-certificates.crt
Details File 2 
kubelet.crt
Details File 3 
kubelet.key
Details File 32 
ca.crt
Details Github username 4 
4armed
Details IPv4 1 
35.188.62.53
Details IPv4 1 
108.177.112.128
Details IPv4 2 
192.30.253.112
Details IPv4 1 
52.216.138.12
Details IPv4 1 
10.36.1.8
Details Url 1 
https://github.com/4armed/kubeletmein.
Details Url 3 
https://cloud.google.com
Details Url 1 
https://www.googleapis.com/auth/compute","https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append
Details Url 1 
https://docs.helm.sh/using_helm/#installing
Details Url 1 
https://docs.helm.sh/using_helm/#securing
Details Url 2 
https://storage.googleapis.com/kubernetes-release/release
Details Url 2 
https://storage.googleapis.com/kubernetes-release/release/stable.txt
Details Url 1 
https://github.com/4armed/kubeletmein/releases/download/v0.5.3/kubeletmein_0.5.3_linux_amd64