PULSE NAME
Credential Stuffing & C2 Config: AREK-BTC Variant (Zeppelin-Linked)
WHITE msudosos 2026-02-27 Modified: 2026-04-01
36 IOCs
MEDIUM VOLUME
IoCs for 83hcm-eadaebdbd / BF_BIND_STUFF Campaign

[CONFIG_START]
VERSION: 4.2.1-NSV4
SERVER_HOST: akamaihd.net/eum/results.txt
AUTH_KEY: 83hcm-eadaebdbd
TARGET_LIST: /nests/stuffed_cred_v4.db
ACTION: BF_BIND_STUFF
RETRY_LIMIT: 400
LOG_PATH: /tmp/results_log.txt
[PAYLOAD_REDIRECTS]
URL1: https://formsv.nycourts.gov...
URL2: https://caneidhelp.miami.edu...
URL3: https://www.americanexpress.com...
[USER_AGENT_SPOOF]
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
[END_CONFIG]
Indicators of Compromise (1 / 36 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA256 | 289d5a005b6deeae1d3bdcadb4170b54f82b4a9adc4f4069f7859765e045210d | | 2026-02-27