"value":"In July 2017, during an investigation, suspicious DNS requests were identified in a partner\u00e2\u20ac\u2122s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions.\r\n\r\nFurther investigation showed that the source of the suspicious DNS queries was a software package produced by NetSarang. Founded in 1997, NetSarang Computer, Inc. develops, markets and supports secure connectivity solutions and specializes in the development of server management tools for large corporate networks. The company maintains headquarters in the United States and South Korea.",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934ccf-6608-4565-a513-4f4b02de0b81",
"value":"ribotqtonut.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-0600-4800-af98-440202de0b81",
"value":"nylalobghyhirgh.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-b9dc-4c8c-b11c-4ea502de0b81",
"value":"jkvmdmjyfcvkf.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-aba4-4af5-8d8d-474202de0b81",
"value":"bafyvoruzgjitwr.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-fab0-4d52-a3b8-4c1102de0b81",
"value":"xmponmzmxkxkh.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-3418-4574-bc50-4e5502de0b81",
"value":"tczafklirkl.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-5f94-4101-a615-42ef02de0b81",
"value":"notped.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-f618-4dd6-aa48-41bf02de0b81",
"value":"dnsgogle.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-32e0-4bca-b864-432c02de0b81",
"value":"operatingbox.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"deleted":false,
"disable_correlation":false,
"timestamp":"1502825843",
"to_ids":true,
"type":"domain",
"uuid":"59934cd1-22b4-49a0-9af1-42b102de0b81",
"value":"paniesx.com"
},
{
"category":"Network activity",
"comment":"All Kaspersky Labs products detect and cure this threat as Backdoor.Win32.Shadowpad.a. If for some reason you can\u00e2\u20ac\u2122t use an antimalware solution you can check if there were DNS requests from your organization to these domains:",
"comment":"On Friday August 4th, 2017, our engineers in cooperation with Kaspersky Labs discovered a security exploit in our software specific to the following Builds which were released on July 18, 2017. Currently, there is no evidence that the exploit was utilized.",
