Novel Evilginx Frontend - Lowering the barrier for token theft reuse
ID: aa9b5a70-1c9f-5e6a-9e3a-05e495da0dc2
STIX ID: report--aa9b5a70-1c9f-5e6a-9e3a-05e495da0dc2
Feed Name: On the Hunt
This report describes the discovery and technical analysis of a single-file HTML/JavaScript Microsoft 365 AiTM operator panel hosted on DigitalOcean that integrates with Evilginx Pro to automatically import stolen Graph API bearer tokens, refresh and persist them, and provide a pixel-perfect Outlook-style UI for browsing and abusing victim mail, OneDrive, Teams, SharePoint and administrative capabilities. The panel enables tenant-scale impact (including MFA removal, Temporary Access Pass issuance, role assignment, mailbox impersonation and tenant-wide data access), ships with exportable .m365db token files and CORS-proxy helpers, and lists active IOCs (three IPs, a domain, ASN, and a content-length fingerprint) plus defensive detection advice.
