Talos is providing coverage for Regin, with detection rules for Snort and ClamAV being released. The malware is highly sophisticated and has a multi-stage architecture in which each successive stage is first decrypted and then executed in sequence. Once the malware has fully installed itself on the target system, it contacts a command-and-control server and exfiltrates user data, such as keystrokes and screenshots. Talos has also blocked IP addresses associated with ‘Regin’ command-and-control.
Source: https://blog.talosintelligence.com/2014/11/cisco-coverage-for-campaign.html

