Neoichor is a malware family used by NICKEL for command and control, alongside the Leeson, NumbIdea, NullItch, and Rokum families. Malware is harmful software that can infect a system through suspicious downloads, emails, or websites and can steal personal information or disrupt operations. Neoichor is designed to connect to hardcoded C2 servers and receive commands from them using the Internet Explorer (IE) COM interface.
Neoichor checks for internet connectivity by contacting bing.com with the request format bing.com?id= and drops files named ~atemp and ~btemp containing error codes and debug resources. MSTIC tracks multiple malware families used by NICKEL, including Neoichor, Leeson, and NumbIdea. While Neoichor is one of the more commonly used of these families, it is not unique in its use of the IE COM interface or in contacting C2 servers.
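A hunting sketch for the two behaviours described above, added here as an example and not taken from MSTIC or any vendor tooling: it flags hosts where a bing.com?id= request and a ~atemp/~btemp file creation occur close together, since the request alone is a weak signal. The event tuple layout, host names, file paths, id values and the 10-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

DROPPED_NAMES = {"~atemp", "~btemp"}        # file names from the description
BING_HOSTS = {"bing.com", "www.bing.com"}   # the "www." variant is an assumption
WINDOW = timedelta(minutes=10)              # assumption: correlation window

def is_bing_id_probe(url):
    """True for a request to the bing.com root whose only query key is `id`."""
    u = urlsplit(url if "://" in url else "http://" + url)
    if (u.hostname or "").lower() not in BING_HOSTS or u.path not in ("", "/"):
        return False
    # The value after id= is not given in the description, so any value matches.
    return set(parse_qs(u.query, keep_blank_values=True)) == {"id"}

def basename(path):
    """File name of a Windows or POSIX path, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def hunt(proxy_events, file_events, window=WINDOW):
    """Map host -> dropped names seen within `window` of a bing.com?id= probe."""
    probes = defaultdict(list)
    for ts, host, url in proxy_events:
        if is_bing_id_probe(url):
            probes[host].append(ts)
    hits = defaultdict(set)
    for ts, host, path in file_events:
        name = basename(path)
        if name in DROPPED_NAMES and any(abs(ts - p) <= window for p in probes[host]):
            hits[host].add(name)
    return {host: sorted(names) for host, names in hits.items()}

# Constructed sample telemetry: (timestamp, host, url) and (timestamp, host, path).
T = datetime(2023, 1, 1, 9, 0, 0)
PROXY = [
    (T, "ws-01", "http://bing.com?id=12345"),
    (T, "ws-02", "https://www.bing.com/search?q=weather&id=1"),  # normal search
    (T, "ws-03", "http://bing.com/?id=777"),
]
FILES = [
    (T + timedelta(seconds=30), "ws-01", r"C:\Users\a\AppData\Local\Temp\~atemp"),
    (T + timedelta(seconds=31), "ws-01", r"C:\Users\a\AppData\Local\Temp\~btemp"),
    (T, "ws-02", r"C:\Temp\~atemp"),                       # drop without a probe
    (T + timedelta(hours=5), "ws-03", r"C:\Temp\~atemp"),  # outside the window
]

if __name__ == "__main__":
    print(hunt(PROXY, FILES))
```

Only ws-01 is reported, because it is the only host with both signals inside the window.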
Overall, Neoichor is a dangerous malware family used by NICKEL for command and control. It can infect systems through suspicious downloads, emails, or websites and can disrupt operations or steal personal information. To protect against Neoichor, use robust anti-malware software and avoid suspicious downloads, emails, and websites.
Description last updated: 2023-06-23T19:02:42.372Z