RST TI Report Digest: 10 Feb 2025
ID: 4aea1c60-c15a-56c3-b78e-8012405dbf7d
STIX ID: report--4aea1c60-c15a-56c3-b78e-8012405dbf7d
Feed Name: RST Cloud Blog
The report details the "Premium panel" phishing toolkit — a credential-harvesting framework active for over two years that targets banking, logistics and other sectors worldwide. Investigators observed reused infrastructure (shared IPs across domains), exploitation of compromised legitimate sites and temporary domains, and a central script (processor.php) that maintains browser connections and redirects victims; the report includes a comprehensive list of IOCs (multiple IPs, domains, thousands of phishing URLs, an MD5 hash and an email) to support detection and takedown efforts.
