Riskware/NDAoF_Mimikatz4302
Analysis
Riskware/NDAoF_Mimikatz4302 is a detection for the riskware tool Mimikatz.
Below are some of its observed characteristics/behaviours:
- This malware has been associated with the Trigona ransomware attack, possibly as a component tool.
- The malware displays the following user interface:
  Figure 1: Mimikatz.
  Figure 2: Mimikatz.
- Following are some of the near/exact IOCs/file hashes associated with this detection:
  - MD5: 11ED19D5ADBA04A194AD98BB30F37F4F
    SHA256: 5603d4035201a9e6d0e130c561bdb91f44d8f21192c8e2842def4649333757ab
  - MD5: C1BED0D0B60A44B4166CD429F63909C5
    SHA256: 69f245dc5e505d2876e2f2eec87fa565c707e7c391845fa8989c14acabc2d3f6
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Database
---|---
FortiGate | Extended
FortiClient | Extreme
FortiAPS |
FortiAPU |
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |