{
	"id": "5cbd5db6-ca8b-46ed-adb4-10af5f2c932a",
	"created_at": "2026-04-06T00:19:22.122063Z",
	"updated_at": "2026-04-10T13:12:43.12964Z",
	"deleted_at": null,
	"sha1_hash": "0e2831bd6435d380d0c089a4062c386362af6503",
	"title": "Regin (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28287,
	"plain_text": "Regin (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 13:33:08 UTC\r\nRegin is a sophisticated malware and hacking toolkit attributed to United States' National Security Agency (NSA)\r\nfor government spying operations. It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept\r\nin November 2014. Regin malware targeted victims in a range of industries, telecom, government, and financial\r\ninstitutions. It was engineered to be modular and over time dozens of modules have been found and attributed to\r\nthis family. Symantec observed around 100 infections in 10 different countries across a variety of organisations\r\nincluding private companies, government entities, and research institutes.\r\n[TLP:WHITE] win_regin_auto (20251219 | Detects win.regin.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.regin\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.regin\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.regin"
	],
	"report_names": [
		"win.regin"
	],
	"threat_actors": [],
	"ts_created_at": 1775434762,
	"ts_updated_at": 1775826763,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0e2831bd6435d380d0c089a4062c386362af6503.pdf",
		"text": "https://archive.orkl.eu/0e2831bd6435d380d0c089a4062c386362af6503.txt",
		"img": "https://archive.orkl.eu/0e2831bd6435d380d0c089a4062c386362af6503.jpg"
	}
}