Threat Intelligence Report

REFUNDEE: Inside a Shadow Panel Phishing-as-a-Service Operation

📅 April 14, 2026 📰 intel.breakglass.tech 🔍 0 CVE(s) referenced

An exposed open directory led to the discovery of REFUNDEE, a sophisticated phishing and remote access platform targeting Spanish and Portuguese speakers, featuring a multi-operator infrastructure, advanced RAT capabilities, and significant operational security failures that enabled full recovery of its C2 source code and attribution to a Bulgarian-based actor.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle