Introducing ToyMaker
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
The initial access broker (IAB), which Talos calls “ToyMaker” and assesses with medium confidence to be a financially motivated threat actor, exploits vulnerable systems exposed to the internet. They deploy their custom-made backdoor, which we call “LAGTOY”, and extract credentials from the victim enterprise. LAGTOY can be used to create reverse shells and execute commands on infected endpoints.
OPENCTI LABELS :
powershell,ransomware,persistence,anydesk,winscp,ssh,impacket,metasploit,bugsleep,initial access broker,cactus,file transfer,lagtoy,toymaker,magnet ram,capture,holerun