?
You mean like this one?
https://www.virustotal.com/en/file/b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047/analysis/
Quote from Ken Bechtal on tenable dot com:
While Regin is complex and goes to great means to hide its presence and covertly communicate, its key weakness is communications. In order to update, and to report the captured keylogs back to their source of control, Regin performs bi-directional communications. This weakness is common in botnets and espionageware. We at Tenable Network Security have been advocating the need to monitor abnormal network activity for some time. While detecting network abnormal traffic isn’t the same as preventing the malware, it often leads to detection of compromised hosts and allows organizations to monitor or close those communications points.
pol