← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Credential Stuffing & C2 Config: AREK-BTC Variant (Zeppelin-Linked)
IoCs for 83hcm-eadaebdbd / BF_BIND_STUFF Campaign
[CONFIG_START]
VERSION: 4.2.1-NSV4
SERVER_HOST: akamaihd.net/eum/results.txt
AUTH_KEY: 83hcm-eadaebdbd
TARGET_LIST: /nests/stuffed_cred_v4.db
ACTION: BF_BIND_STUFF
RETRY_LIMIT: 400
LOG_PATH: /tmp/results_log.txt
[PAYLOAD_REDIRECTS]
URL1: https://formsv.nycourts.gov...
URL2: https://caneidhelp.miami.edu...
URL3: https://www.americanexpress.com...
[USER_AGENT_SPOOF]
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
[END_CONFIG]
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| URL | http://akamaihd.net/eum/results.txt | — | 2026-02-27 | |
| URL | https://caneidhelp.miami.edu | — | 2026-02-27 | |
| URL | https://formsv.nycourts.gov | — | 2026-02-27 | |
| URL | https://www.americanexpress.com | — | 2026-02-27 | |
| URL | http://ASP.NET/IIS | — | 2026-02-27 | |
| URL | https://tor.sebastianhahn.net | — | 2026-02-28 | |
| URL | https://www.transfermarkt.us/jordan-sea/leistungsdatendetails/spieler/1171059 | — | 2026-02-28 | |
| URL | https://mail.groen.live/bins/arm6.orenji | — | 2026-02-28 | |
| URL | https://fonts.bunny.net/css | — | 2026-02-28 | |
| URL | https://www.virustotal.com/gui/search/entity%3Adomain%20txt%3Adocusign%3Da0cbf796%2Dbb93%2D4544%2Dbab0%2Df637c55cc80d | — | 2026-02-28 | |
| URL | http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt | — | 2026-02-28 |