Neoichor

Malware Profile Updated 3 months ago
Neoichor is a malware family used by NICKEL for command and control, alongside the related families Leeson, NumbIdea, NullItch, and Rokum. Malware is harmful software that can infect a system through suspicious downloads, emails, or websites and can steal personal information or disrupt operations. Neoichor connects to hardcoded C2 servers and receives commands from them using the Internet Explorer (IE) COM interface. It checks for internet connectivity by contacting bing.com with a request of the form bing.com?id=, and it drops files named ~atemp and ~btemp that contain error codes and debug resources. MSTIC tracks multiple malware families used by NICKEL, including Neoichor, Leeson, and NumbIdea. Neoichor is one of the more commonly used of these families, but its use of the IE COM interface and its contact with C2 servers are not unique to it. Overall, Neoichor is a dangerous malware family that NICKEL uses for command and control: it can reach a system through suspicious downloads, emails, or websites and can disrupt operations or steal personal information. Protecting against it calls for robust anti-malware software and for avoiding suspicious downloads, emails, or websites.
Miscellaneous Associations
Associated Malware
No associations to display
Associated Threat Actors
ID: NICKEL
Type: Unspecified
Votes: 1
Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focuse
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Neoichor malware was read from the document corpus below.
Source: MITRE
Created: a year ago
Title: NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog