The report analyzes a Kimsuky malware sample that the author assesses may be related to Korea University targeting. The source provides SHA-1 and SHA-256 hashes and shows heavily obfuscated command content associated with the sample. Because the available evidence is sample-centric, the strongest CTI value is malware tracking and lure-context awareness rather than confirmed victim attribution.