win.chaperone

Chaperone

aka: Taj Mahal

According to Kaspersky GReAT and AMR, TajMahal is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named Tokyo and Yokohama. It includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, document and cryptography key stealers, and even its own file indexer for the victim’s machine. Kaspersky discovered up to 80 malicious modules stored in its encrypted Virtual File System, one of the highest numbers of plugins they have ever seen for an APT toolset.

References
2020-01-24 | Github (TheEnergyStory) | R136a1
Project TajMahal IOCs and Registry Data Decrypter
https://github.com/TheEnergyStory/malware_analysis/tree/master/TajMahal
Families: Chaperone

2019-08-01 | Kaspersky Labs | GReAT
APT trends report Q2 2019
https://securelist.com/apt-trends-report-q2-2019/91897/
Families: ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy Microcin

2019-04-10 | Kaspersky Labs | AMR, GReAT
Project TajMahal – a sophisticated new APT framework
https://securelist.com/project-tajmahal/90240/
Families: Chaperone

There is no Yara-Signature yet.