
SLICKSHOES

Posted: May 14, 2020

SLICKSHOES is a corrupted implant used by the HIDDEN COBRA Advanced Persistent Threat (APT) group, one of North Korea's most prominent cybercrime organizations. SLICKSHOES appears to be built for short, swift attacks, since it makes no attempt to gain persistence on the infected host. This means that once the computer is restarted, SLICKSHOES goes offline; it can only run again if the victim opens the corrupted file once more. Despite this, SLICKSHOES is still a threat that can be used to collect data, monitor the victim's activity, and deploy additional payloads that give the attacker long-term access to the compromised host.

Upon execution, the SLICKSHOES malware drops its payload under the name 'taskenc.exe' and executes it immediately. Once running, SLICKSHOES pings the attacker's control server and stands ready to receive further instructions. The list of features the implant supports is relatively small, but this is not surprising considering that it is meant to work for just a few hours. SLICKSHOES can:

  • Terminate itself and delete all artifacts linked to its activity.
  • Change the working directory.
  • Execute remote commands.
  • List directories and files.
  • Receive and run files transmitted by the attacker.
  • Capture screenshots at regular intervals and transfer them to the attacker's server.
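The behaviour described above (a dropped 'taskenc.exe' that contacts the control server immediately, without any persistence mechanism) gives a defender a simple correlation to hunt for. The following is an added detection example, not code from the original page or from any vendor: it correlates process-creation events with outbound connections from the same process within a short window. The log lines are constructed for this example and only mimic the shape of Sysmon Event ID 1 (process create) and Event ID 3 (network connection); the field layout, the 203.0.113.x addresses and the 30-second window are assumptions.

```python
# Added example: flag a process named like the SLICKSHOES payload that opens an
# outbound connection shortly after it starts. Log lines below are constructed;
# field names mimic Sysmon EventID 1 / 3 but are not a real export.
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2020-05-14T10:00:01Z EventID=1 Image=C:\\Users\\alice\\AppData\\Local\\Temp\\taskenc.exe ParentImage=C:\\Users\\alice\\Downloads\\invoice.exe ProcessId=4120
2020-05-14T10:00:03Z EventID=3 Image=C:\\Users\\alice\\AppData\\Local\\Temp\\taskenc.exe ProcessId=4120 DestinationIp=203.0.113.10 DestinationPort=443
2020-05-14T10:05:00Z EventID=1 Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe ProcessId=5000
2020-05-14T10:05:02Z EventID=3 Image=C:\\Windows\\System32\\svchost.exe ProcessId=900 DestinationIp=203.0.113.20 DestinationPort=443
"""

DROPPED_NAME = "taskenc.exe"          # payload file name reported for SLICKSHOES
BEACON_WINDOW = timedelta(seconds=30)  # assumed: "pings the control server" right after start

def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict (constructed format,
    paths without spaces, so whitespace splitting is safe here)."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec

def find_beaconing_droppers(log_text):
    """Return (pid, image, destination) for every process whose image name is the
    dropped payload name and which connects out within BEACON_WINDOW of starting."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    starts = {e["ProcessId"]: e for e in events
              if e["EventID"] == "1"
              and e["Image"].lower().endswith("\\" + DROPPED_NAME)}
    hits = []
    for e in events:
        if e["EventID"] != "3" or e["ProcessId"] not in starts:
            continue
        start = starts[e["ProcessId"]]
        if timedelta(0) <= e["ts"] - start["ts"] <= BEACON_WINDOW:
            dest = e["DestinationIp"] + ":" + e["DestinationPort"]
            hits.append((e["ProcessId"], start["Image"], dest))
    return hits

if __name__ == "__main__":
    for pid, image, dest in find_beaconing_droppers(SAMPLE_LOG):
        print(f"ALERT pid={pid} image={image} beacon={dest}")
```

Because the implant does not persist, the reboot-survival checks (Run keys, services, scheduled tasks) that usually accompany such a rule would not fire; the process-start-to-beacon correlation is the signal worth keeping.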

Networks can be protected from threats like SLICKSHOES by making sure that the firewall is configured properly and that all systems are protected by an up-to-date anti-malware application. In addition, employees who interact with these networks should be familiar with cybersecurity best practices.
