FortiGate – IPS for #regin C&C IP

Hi

For those who don’t have a FortiAnalyzer to track abuse traffic to known #regin C&C servers, here is a custom IPS signature for your FortiGate firewall.
Please only use “detect” for this custom IPS and please test before use in production!

F-SBID( --attack_id 1003; --name "Regin.C.C.IP.custom"; --protocol tcp; --dst_addr [61.67.114.73,202.71.144.113,203.199.89.80,194.183.237.145]; )
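
When a signature is copied from a web page or e-mail, the ASCII `--` and straight quotes are often turned into typographic dashes and quotes, and the line no longer parses as a signature. The Python check below is an added example, not part of the original post and not a Fortinet tool: it normalizes those characters and validates the attack_id range, the name and the destination addresses before the line is pasted into the FortiGate. The function names and the sample signature are assumptions made for illustration.

```python
import ipaddress
import re

# Typographic characters that blog engines and word processors substitute
# for the ASCII "--" and '"' that the signature syntax needs.
TYPO_MAP = {"\u2013": "--", "\u2014": "--", "\u201c": '"', "\u201d": '"'}

def normalize(sig):
    """Return the signature with typographic dashes/quotes made ASCII."""
    for bad, good in TYPO_MAP.items():
        sig = sig.replace(bad, good)
    return sig.strip()

def parse_options(sig):
    """Split 'F-SBID( --key value; ... )' into a {key: value} dict."""
    m = re.fullmatch(r"F-SBID\(\s*(.*?)\s*\)", sig, re.S)
    if not m:
        raise ValueError("not wrapped in F-SBID( ... )")
    opts = {}
    for part in filter(None, (p.strip() for p in m.group(1).split(";"))):
        if not part.startswith("--"):
            raise ValueError(f"option does not start with '--': {part!r}")
        key, _, value = part[2:].partition(" ")
        opts[key] = value.strip().strip('"')
    return opts

def check(sig):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if any(ch in sig for ch in TYPO_MAP):
        problems.append("typographic dash or quote present")
    try:
        opts = parse_options(normalize(sig))
    except ValueError as exc:
        return problems + [str(exc)]
    aid = opts.get("attack_id")
    # Fortinet documents 1000-9999 as the range for a user-assigned attack_id.
    if aid is not None and not (aid.isdigit() and 1000 <= int(aid) <= 9999):
        problems.append(f"attack_id out of range 1000-9999: {aid}")
    if not opts.get("name"):
        problems.append("missing --name")
    # This check expects a --dst_addr list, as in the signature above.
    for addr in opts.get("dst_addr", "").lstrip("!").strip("[]").split(","):
        try:
            ipaddress.IPv4Address(addr.strip())
        except ValueError:
            problems.append(f"bad IPv4 address in dst_addr: {addr.strip()!r}")
    return problems

# Constructed sample (documentation addresses), pasted with smart punctuation.
SAMPLE = "F-SBID(\u2013attack_id 1003; \u2013name \u201cExample.custom\u201d; \u2013dst_addr [192.0.2.10,198.51.100.7]; )"
```

Run `check()` on the pasted text first; if the only finding is the typographic one, `normalize()` returns the line to paste.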

THX to @Kaspersky for detailed analysis

Have fun!
