Backdoor:W32/BlackEnergy

Threat description

Details

CATEGORY: Malware
TYPE: Backdoor
PLATFORM: W32, W64

Summary

Backdoor:W32/BlackEnergy is a crimeware toolkit that has been modified for use in information gathering in advanced persistent threat (APT) attacks.



Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.

Technical Details

BlackEnergy is a toolkit that has been used for years by various criminal outfits. In the summer of 2014, certain samples of BlackEnergy malware were observed targeting Ukrainian government organizations for information harvesting. These samples were identified as being the work of one group (identified as "Quedagh") which has a history of targeting political organizations.

For more details of Backdoor:W32/BlackEnergy's use in APT attacks, see Whitepapers: "BlackEnergy & Quedagh: The convergence of crimeware and APT attacks".
