TajMahal

Malware Profile Updated 3 months ago
TajMahal is a technically sophisticated Advanced Persistent Threat (APT) framework that has been developed and used for at least five years. Kaspersky Lab first identified it in the autumn of 2018, but samples recovered from a victim's machine show that it has been present since at least August 2014. The framework is built for stealth and can reach a system through suspicious downloads, emails, or websites, usually without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

TajMahal is unusual in that it consists of two distinct packages, self-named Tokyo and Yokohama. These packages add to the complexity and potential damage of the framework and point to a high level of technical skill on the part of its operators. The exact functionality and impact of the two packages are still under investigation; further details are available to customers of the Kaspersky Intelligence Reporting service.

Kaspersky Lab products detect TajMahal APT samples as HEUR:Trojan.Multi.Chaperone.gen, a heuristic detection that reflects the multiple malicious behaviours the malware exhibits and marks it as a significant threat to any system it infects. As with all malware, users are advised to keep security software up to date, avoid suspicious downloads, emails, and websites, and back up their data regularly to limit potential damage.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Yokohama (1 vote): Yokohama is a sophisticated piece of malware, part of a full-blown spying framework that also includes another package named 'Tokyo'. This malicious software is designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be spread through suspicious downloads, ema

heur:trojan.multi.chaperone.gen (1 vote): no profile description.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Kaspersky
Apt
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the TajMahal malware was read from the document corpus below. This display is limited to 20 results.
MITRE (a year ago): Project TajMahal – a sophisticated new APT framework | Securelist