Malware was found by Kaspersky in late 2018 to be targeting a single Central Asian diplomatic agency. It has two parts, or packages, named “Tokyo” and “Yokohama,” which together contain 80 malicious plug-in modules. The sophistication of the malware is evident when file exfiltration is observed. It can also take screenshots when recording VoiceIP app audio, as well as stealing Internet Explorer, Netscape Navigator, FireFox and RealNetworks cookies.”]
Source: https://www.darkreading.com/abtv/who-built-the-taj-mahal/a/d-id/750823