Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:03:51 UTC

Tool: Neptun

Names: Neptun
Category: Malware
Type: Backdoor, Info stealer, Downloader, Exfiltration
Description: (Symantec) Neptun is installed on Microsoft Exchange servers and is designed to passively listen for commands from the attackers. This passive listening capability makes the malware more difficult to detect. Neptun is also able to download additional tools, upload stolen files, and execute shell commands.

Information
Last change to this tool card: 20 April 2020

All groups using tool Neptun

APT groups
Name: Turla, Waterbug, Venomous Bear
Observed: 1996-2024

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b74d2b0a-2ec8-48c5-b55c-1e82f8971c56