Malware
Mimikatz
First seen: 2011-04 • Status: active
Currently Active Threat
Mimikatz is a tool that pulls passwords out of Windows computer memory. Almost every hacker uses it to steal credentials after breaking in.
Overview
Mimikatz is a credential dumping tool created by Benjamin Delpy. It extracts passwords, hashes, and Kerberos tickets from Windows memory.
How It Spreads
- Post-exploitation deployment
- Attacker toolkit
What It Does
- Dumps passwords from memory
- Extracts Kerberos tickets
- Pass-the-hash attacks
- Golden ticket attacks
Target Platforms
Windows
Detection Tips
- Monitor for LSASS access
- Watch for Mimikatz signatures
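One way to act on the first tip, as an added example that is not part of the original page: it scans Sysmon Event ID 10 (ProcessAccess) records for processes that open lsass.exe with memory-read rights. The sample events, the allowlist and the function name are constructed for illustration.

```python
# Added example: flag Sysmon Event ID 10 (ProcessAccess) records in which a
# process opens lsass.exe with memory-read rights. All events are constructed.
PROCESS_VM_READ = 0x0010  # Windows access right needed to read another process's memory

# Assumption: site-specific allowlist of software expected to read LSASS memory.
# Matching on path alone is weak; pair it with signer or hash checks in practice.
ALLOWED_SOURCES = {r"c:\program files\windows defender\msmpeng.exe"}

SAMPLE_EVENTS = [  # constructed records using Sysmon Event ID 10 field names
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\a.exe",
     "TargetImage": r"c:\windows\system32\LSASS.EXE", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\b.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "garbled"},
]

def suspicious_lsass_access(events, allowed=ALLOWED_SOURCES):
    """Return events where a non-allowlisted process got VM_READ on lsass.exe."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        # Windows paths are case-insensitive, so compare in lower case.
        if not ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        try:
            mask = int(ev.get("GrantedAccess", "0"), 16)
        except ValueError:
            continue  # malformed mask: skipped here; a real pipeline should log it
        if not mask & PROCESS_VM_READ:
            continue  # handle opened without the right to read memory
        if ev.get("SourceImage", "").lower() in allowed:
            continue
        hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in suspicious_lsass_access(SAMPLE_EVENTS):
        print(ev["SourceImage"], ev["GrantedAccess"])
```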
MITRE ATT&CK Techniques
T1003, T1558, T1550
If You're Infected
1. Assume all credentials compromised
2. Reset all domain passwords
3. Reset KRBTGT password twice