Phishing campaigns

This repository contains papers on APT groups, which include examples of emails used in the phishing campaigns. Often, papers on APT group attacks do not provide email examples, which prompted me to create a repository that specifically includes on papers containing phishing emails. This list will be gradually expanded. Contributions are welcome. For reliability, each link has been duplicated through web archive.

• APT29
  • Election Fraud Themed Phishing Campaigns
  • Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs
  • Covid-19 Phishing Company
  • No Easy Breach
• APT35
  • The Wall Street Journal Attack
  • Happy New Year
  • The Kittens Are Back in Town 1-3
• Tonto Team
  • Russian organizations Under Attack By Chinese APTs
  • Exploring the TTPs of an advanced threat actor operating a large infrastructure
• Konni
  • “KONNI” Targets the Russian Diplomatic Sector with new Versions of Malware Implants
  • Meeting the Ministrer
• SideWinder
  • Covid-19 Phishing Company
  • Global Perspective
• APT-C-36
  • APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity
  • Attacks on Colombian companies
• APT10
  • Chinese APT espionage operation against Russian state-owned defense institutes
  • Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes
  • Targeting Japanese Corporations
• APT28
  • Hackers Attack US Senate
  • Hackers Target Foreign Ministries
  • Happy New Year
  • The phishing attack against John Podesta
  • Nato meeting
  • Google Drive and IMAP Remote Access Trojans (RATs)
  • En Route with Sednit
  • APT28 Adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
  • Dear Joohn: The Sofacy Group’s Global Campaign
  • Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
• DPRK-nexus
  • Adversary Targets South Korean Individuals in a New Chapter of Kitty Phishing Operations
• admin@338
  • Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
• APT12
  • Taiwanese government ministry
• TA413
  • Covid-19 Phishing Company
• APT32
  • Wuhan Government and Chinese Ministry of Emergency Management
• APT33
  • New US-Targeted Campaign as Tensions Mount
• APT37
  • Korea In The Crosshairs
• APT41
  • Dual espionage and cyber crime operation
• APT43
  • North Korean Group Uses Cybercrime to Fund Espionage Operations
• BITTER
  • APT adds Bangladesh to their targets
  • Targeted attack against Pakistan
• BRONZE BUTLER
  • Operation ENDTRADE
• Cobalt Group
  • Attack on banks
  • CVE-2017-0199
  • CVE-2017-0199 #2
  • CVE-2017-8759
  • Cobalt Snatch
  • New spear phishing campaign targets Russian dissidents
• Ember Bear
  • Spear Phishing Attacks Target Organizations in Ukraine
• EXOTIC LILY
  • This isn't Optimus Prime's Bumblebee but it's Still Transforming
  • Exposing initial access broker with ties to Conti
• FIN7
  • Just phishing
  • Pursuing an Enigmatic and Evasive Global Criminal Operation
• Gamaredon Group
  • Group grows its game
  • Attack on Ukrainian organizations
  • Attack on Ukrainian organizations #2
• IndigoZebra
  • Attacking Central Asia with Evolving Tools
• Lazarus Group
  • Operation "Dream Job"
  • Attack targeting the defence industry
  • TARGETED ATTACKS AGAINST EUROPEAN AEROSPACE AND MILITARY COMPANIES
• LazyScripter
  • From Empire to double RAT
• Molerats
  • Operation "SneakyPastes"
• MuddyWater
  • Attacks Targeting organizations in the Middle East
  • MD5 Hash Phishing
• Nomadic Octopus
  • Cyber espionage in Central Asia
• Patchwork
  • US Think Tanks
• Scarlet Mimic
  • Years-Long Espionage Campaign Targets Minority Activists
• Silence
  • A new Trojan attacking financial organizations
  • Going Global
  • Moving into darkside
• Silent Librarian
  • Goes Back to School…Again
  • Library access
  • More to the Story of the IranianMabna Institute Indictment
• TA505
  • ServHelper and FlawedGrace
  • Infecting the network with Sdbot RAT
  • Leaked Ammyy Admin Source Code Turned into Malware
  • Shifts with the times
  • New SDBbot Remote Access Trojan with Get2 Downloader
  • Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT
• TA551
  • Email Attack Campaign Switches from Valak to IcedID
  • Evolution of Valak, from Its Beginnings to Mass Distribution
• Threat Group-3390
  • Uncovering DRBControl
• Tropic Trooper
  • A Malware Campaign Targeting the Tibetan Diaspora Resurface
  • Government employee
  • Targeting Taiwanese Government and Fossil Fuel Provider With Poison Ivy
• Wizard Spider
  • Resilient, Reactive and Resolute
• OldGremlin
  • Groupib Report
• UAC-0056
  • Fake antivirus updates used to deploy Cobalt Strike in Ukraine
  • Spear Phishing Attacks Target Organizations in Ukraine
  • There's a Go Elephant in the room
• Ghostwriter
  • State Actor Uses CompromisedPrivate Ukrainian Military Emails to Target EuropeanGovernments and Refugee Movemen
• Rocket Kitten
  • Operation Woolen-GoldFish
• Buhtrap
  • Attack on Russian and Belarusian financial institutions
  • Group-IB threat research
• Unidentified APT Groupings
  • Uri Terror attack & Kashmir Protest Themed spear phishingemails targeting Indian Embassies and Indian Ministry ofexternal affairs
  • Spear Phishing Emails to IndianGovernment Officials
  • Russian Bank Offices Hit with Broad Phishing Wave
• Watch Wolf
  • Watch Wolf targets accountants through SEO poisoning
• Quartz Wolf
  • New hacker group Quartz Wolf leverages legitimate software to attack the hospitality industry
• RedCurl
  • Кудри примелькались: кибершпионы из RedCurl атаковали банк от имени популярного маркетплейса
  • The pentest you didn’t know about

Sources:

- Internet
- https://github.com/aptnotes/data
- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
- https://github.com/blackorbird/APT_REPORT
- https://t.me/RalfHackerChannel