Credential Stuffing & C2 Config: AREK-BTC Variant (Zeppelin-Linked)
IoCs for 83hcm-eadaebdbd / BF_BIND_STUFF Campaign
[CONFIG_START]
VERSION: 4.2.1-NSV4
SERVER_HOST: akamaihd.net/eum/results.txt
AUTH_KEY: 83hcm-eadaebdbd
TARGET_LIST: /nests/stuffed_cred_v4.db
ACTION: BF_BIND_STUFF
RETRY_LIMIT: 400
LOG_PATH: /tmp/results_log.txt
[PAYLOAD_REDIRECTS]
URL1: https://formsv.nycourts.gov...
URL2: https://caneidhelp.miami.edu...
URL3: https://www.americanexpress.com...
[USER_AGENT_SPOOF]
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
[END_CONFIG]
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| CVE | CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | 2026-02-27 | |