Description
[TajMahal](https://attack.mitre.org/software/S0467) is a multifunctional spying framework that has been in use since at least 2014. [TajMahal](https://attack.mitre.org/software/S0467) is comprised of two separate packages, named Tokyo and Yokohama, and can deploy up to 80 plugins.(Citation: Kaspersky TajMahal April 2019)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1016 — System Network Configuration Discovery
- T1020 — Automated Exfiltration
- T1025 — Data from Removable Media
- T1027 — Obfuscated Files or Information
- T1041 — Exfiltration Over C2 Channel
- T1055.001 — Dynamic-link Library Injection
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1115 — Clipboard Data
- T1119 — Automated Collection
- T1120 — Peripheral Device Discovery
- T1123 — Audio Capture
- T1124 — System Time Discovery
- T1125 — Video Capture
- T1129 — Shared Modules
- T1518 — Software Discovery
- T1518.001 — Security Software Discovery
- T1539 — Steal Web Session Cookie
- T1560.002 — Archive via Library