Riskware/NDAoF_Mimikatz4302

Analysis

Riskware/NDAoF_Mimikatz4302 is a detection for the riskware tool Mimikatz.
Below are some of its observed characteristics and behaviours:

  • This malware has been associated with the Trigona Ransomware attack, possibly as a component tool.

  • The malware displays the following user interface:

    [Figure 1: Mimikatz.]

    [Figure 2: Mimikatz.]

  • The following are some of the near/exact IOCs (file hashes) associated with this detection:
    • MD5:    11ED19D5ADBA04A194AD98BB30F37F4F
      SHA256: 5603d4035201a9e6d0e130c561bdb91f44d8f21192c8e2842def4649333757ab
    • MD5:    C1BED0D0B60A44B4166CD429F63909C5
      SHA256: 69f245dc5e505d2876e2f2eec87fa565c707e7c391845fa8989c14acabc2d3f6


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine or delete files that are detected, and replace infected files with clean backup copies.

Telemetry

Detection Availability

Product                      AV database
FortiGate                    Extended
FortiClient                  Extreme
FortiAPS
FortiAPU
FortiMail                    Extreme
FortiSandbox                 Extreme
FortiWeb                     Extreme
Web Application Firewall     Extreme
FortiIsolator                Extreme
FortiDeceptor                Extreme
FortiEDR

Version Updates

Date         Version     Detail
2023-12-18   91.09831
2023-03-21   91.01630
2023-03-17   91.01512