LTS Secure Warning: Overview Of TajMahal APT Framework

TajMahal is a technically sophisticated APT framework that was discovered by Kaspersky Lab in 2018. Developed as a spying framework, it consists of two core packages, Tokyo & Yokohama, and includes backdoors, orchestrators, loaders, C&C communicators, keyloggers & audio recorders. So far, 80 malicious modules stored in its encrypted Virtual File System have been identified, giving the attacker the ability to carry out a wide range of attack scenarios.


Technical Details

The TajMahal framework consists of two core packages, Tokyo & Yokohama. Tokyo is used in the first stage to infect the targeted machine. The package consists of –

  • 3 modules
  • Backdoor
  • PowerShell scripts
  • Contacts C&C server
  • Stays in target machine as backup

Once done, the fully functional Yokohama package is deployed on the target machine. The package consists of –

  • Up to 80 modules
  • Encrypted Virtual File System
  • Plugins, libraries, configuration files & more

Both the packages share the same code base.

Impact

  • Steals cookies and data from browsers
  • Steals documents that are sent to the printer queue
  • Logs keystrokes
  • Steals data from CD images
  • Steals specific files from external storage devices once they become available again


Conclusion

The TajMahal framework is one of the most intriguing discoveries in recent times and is of great interest to the InfoSec community. The huge number of modules that can be used to implement such a range of features is something never before seen in any other APT toolset.


LTS Secure Next Gen. SIEM uses its integration with OTX to help identify early signs of compromise and to initiate risk mitigation automations for such advanced threats on IT infrastructure.
