diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88a0467b6..3d40d5bfe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,6 +78,7 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - A bug where T1216_random_executable.exe was copied to disk even if the signed script proxy execution PBA was disabled. #1864
 - Unnecessary collection of kerberos credentials. #1771
+- A bug where bogus users were collected by Mimikatz and added to the config. #1860
 ### Security
diff --git a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
index 1b772580d..57161c47f 100644
--- a/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/mimikatz_collector/mimikatz_credential_collector.py
@@ -1,6 +1,8 @@
 import logging
 from typing import Sequence
+from model import USERNAME_PREFIX
+
 from infection_monkey.credential_collectors import LMHash, NTHash, Password, Username
 from infection_monkey.i_puppet.credential_collection import Credentials, ICredentialCollector
@@ -23,7 +25,11 @@ class MimikatzCredentialCollector(ICredentialCollector):
         for win_cred in win_creds:
             identities = []
             secrets = []
-            if win_cred.username:
+
+            # Mimikatz picks up users created by the Monkey even if they're successfully deleted
+            # since it picks up creds from the registry. The newly created users are not removed
+            # from the registry until a reboot of the system, hence this check.
+            if win_cred.username and not win_cred.username.startswith(USERNAME_PREFIX):
                 identity = Username(win_cred.username)
                 identities.append(identity)
diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py
index 19f96cdae..3d53b5d86 100644
--- a/monkey/infection_monkey/model/__init__.py
+++ b/monkey/infection_monkey/model/__init__.py
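Review bot: The new import `from model import USERNAME_PREFIX` is written differently from every other import in this module, which use the package-qualified form (`from infection_monkey.credential_collectors import ...`); the constant is defined in monkey/infection_monkey/model/__init__.py, so `from infection_monkey.model import USERNAME_PREFIX` would match the surrounding style and not depend on monkey/infection_monkey being on sys.path. The same bare-module import is added to communicate_as_backdoor_user.py in the later hunk and would take the same change. Whether `model` resolves at runtime depends on how the agent process is launched, which the diff does not show.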
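Review bot: The prefix check only stops the Username identity from being appended; `secrets` is still an empty list at this point, and whatever the rest of the loop body (outside the hunk) appends to it would still be attached to a Credentials record that has no identity, so a Monkey-created account's hashes may still reach the config. If the intent is to drop the whole record, a guard before any identity or secret is collected reads more directly: `if win_cred.username and win_cred.username.startswith(USERNAME_PREFIX): continue` followed by the original `if win_cred.username:`. Windows account names are case-insensitive, so if the name reported by Mimikatz can differ in case from the name the Monkey created, `win_cred.username.lower().startswith(USERNAME_PREFIX.lower())` would be the safer comparison. The enclosing method starts and ends outside the hunk.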
@@ -5,6 +5,9 @@ MONKEY_ARG = "m0nk3y"
 DROPPER_ARG = "dr0pp3r"
 ID_STRING = "M0NK3Y3XPL0ITABLE"
+# Username prefix for users created by Infection Monkey
+USERNAME_PREFIX = "somenewuser"
+
 # CMD prefix for windows commands
 CMD_EXE = "cmd.exe"
 CMD_CARRY_OUT = "/c"
diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
index 01843b242..3e9c0d9ee 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
@@ -5,6 +5,8 @@ import string
 import subprocess
 from typing import Dict
+from model import USERNAME_PREFIX
+
 from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_BACKDOOR_USER
 from infection_monkey.i_puppet.i_puppet import PostBreachData
 from infection_monkey.post_breach.pba import PBA
@@ -23,8 +25,6 @@ CREATED_PROCESS_AS_USER_FAILED_FORMAT = (
     "Created process '{}' as user '{}', but the process failed (exit status {}:{})."
 )
-USERNAME_PREFIX = "somenewuser"
-
 logger = logging.getLogger(__name__)
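Review bot: The comment on the new `USERNAME_PREFIX` constant says who creates such users but not that another component now depends on the value: the Mimikatz credential collector skips any collected account whose name starts with this prefix, so an account the Monkey creates under a different pattern would silently be reported as a real credential again. I would extend the comment to `# Username prefix for users created by Infection Monkey. The Mimikatz credential collector filters out collected accounts by this prefix, so every account the Monkey creates must start with it.` so the coupling is visible to whoever next edits the backdoor-user PBA.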