According to Kaspersky GReAT and AMR, TajMahal is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named Tokyo and Yokohama. It includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, documents and cryptography key stealers, and even its own file indexer for the victim’s machine. We discovered up to 80 malicious modules stored in its encrypted Virtual File System, one of the highest numbers of plugins they have ever seen for an APT toolset.
|2020-01-24 ⋅ Github (TheEnergyStory) ⋅ |
Project TajMahal IOCs and Registry Data Decrypter
|2019-08-01 ⋅ Kaspersky Labs ⋅ |
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
|2019-04-10 ⋅ Kaspersky Labs ⋅ |
Project TajMahal – a sophisticated new APT framework
There is no Yara-Signature yet.