TAJ MAHAL
Taj Mahal is a previously unknown, technically sophisticated Advanced Persistent Threat (APT) espionage framework, developed by a nation-state, which Kaspersky Lab discovered in the autumn of 2018. The framework has two stages, 'Tokyo' and 'Yokohama', and is believed to have been in use for 5 years without detection. Only one victim has been documented: a diplomatic entity in an undisclosed Central Asian country.
The second stage comprises roughly 80 different modules with a range of capabilities, including backdoors, loaders, orchestrators, Command and Control (C2) communicators, audio recorders, keyloggers, screen and webcam grabbers, document and cryptographic key stealers, and a file indexer for the victim's machine.
Included Components
Component              Description
WatchPoints            Document stealer, C2 communication and command processor
LocalInfo              Performs system reconnaissance; outputs to a file titled "TAJ MAHAL"
AudioRecorder          Captures audio from the microphone, Windows COM, VoIP and Windows Metro applications
Orchestrator           Update/install/uninstall; selects target processes and loads plugins
Reinstaller/Injector
SuicideWatcher         Cleanly removes the framework after a designated time
IM-Stealer             Steals conversation content from chat windows of instant messaging applications
Indexer                Indexes files on victim drives, user profiles and removable drives
Thumbnailer            Makes and prepares to send thumbnails of found picture files
Keylogger              Keystroke logger and clipboard monitor
DocumentStealer        Steals printed documents from the spooler queue
EgressSender           Sends files from the output queue to C2
ClientRecon            Daily stateful scan of the compromised machine; sends system changes to C2
Screenshoter           Takes periodic low-resolution screenshots
DocumentStealer        Steals documents from fixed and removable drives and written CD images
WebcamSnapshot         Periodically takes webcam snapshots
Source: https://securelist.com/project-tajmahal/90240/