Beware of malware carrying a valid digital signature from a domestic security vendor!

2019-07-30 ESTSecurity (original Korean title: 국내 보안업체의 유효한 디지털서명을 탑재한 악성코드 주의!)

https://blog.alyac.co.kr/2446


ESRC (ESTsecurity Security Response Center) warned that malware was being distributed signed with a valid digital signature belonging to a Korean DRM and document-security vendor. Because the signature verifies correctly, the sample passes checks that treat "signed by a known vendor" as "trusted", which raises its chance of slipping past signature-based allow-listing and reputation controls; a valid signature identifies which certificate signed a file, not whether the certificate holder intended to ship it. After infection, the malware registered itself in Task Scheduler as “Jav Maintenance64” so that it runs on a recurring basis, and gave the attacker the ability to execute further actions on the host. ESRC tied the sample's custom encryption routine to earlier APT activity against Korean public-sector and financial institutions and assessed the signed payload and its malicious URL as part of an early-stage campaign. Defenders should revisit trust decisions that rest on code signing alone, hunt for the scheduled-task persistence, and sweep for the hashes and IP address listed below and the malicious URL described in the report.
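The following triage helpers are an added example written for this summary; they are not code from ESTSecurity or the report. They turn the indicators above into offline checks a responder can run: parse the indicator table, hash candidate files and match them against the MD5 list, pull the task name and command out of a Task Scheduler XML definition (the kind stored under C:\Windows\System32\Tasks) to spot the “Jav Maintenance64” registration, and scan proxy log lines for the listed IP. The task XML, the file contents and the log lines are constructed for the example; the command path in the task is hypothetical.

```python
# Added example, not part of the ESTSecurity report: offline triage helpers
# built around the indicators listed on this page.
import hashlib
import re
import xml.etree.ElementTree as ET

# Indicator table copied from the page (type, value, first seen, last seen).
IOC_TABLE = """
Type Value First Seen Last Seen
HASH 9758efcf96343d0ef83854860195c4b4 2019-07-30 2021-06-15
IPv4 51.254.60.208 2019-07-30 2020-04-16
HASH 8ba860e1340b29439ff5f6e3df98d537 2019-07-30 2019-07-30
HASH e6037a8487b85118532184d397a6eedd 2019-07-30 2019-07-30
HASH f1af683eba25bb9cdf4fa88176fc6128 2019-07-30 2019-07-30
"""
KNOWN_KINDS = {"HASH", "IPv4", "URL", "DOMAIN"}

# Task name the report says the malware registers. Task Scheduler compares
# names case-insensitively, so the lookup is lower-cased.
SUSPECT_TASK_NAMES = {"jav maintenance64"}

# Namespace used by Task Scheduler 2.0 task definition XML.
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# Constructed task definition; the command path is hypothetical.
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Jav Maintenance64</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\\ProgramData\\svc\\update.exe</Command>
      <Arguments>/silent</Arguments>
    </Exec>
  </Actions>
</Task>"""


def parse_ioc_table(text):
    """Return {"HASH": {...}, "IPv4": {...}} from 'TYPE VALUE ...' lines."""
    iocs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in KNOWN_KINDS:
            continue  # skips the header row and blank lines
        iocs.setdefault(parts[0], set()).add(parts[1].lower())
    return iocs


def md5_hex(data):
    """MD5 of a byte string; the report's HASH values are 32-hex MD5 digests."""
    return hashlib.md5(data).hexdigest()


def match_hashes(samples, bad_hashes):
    """samples: {name: bytes}. Return the names whose MD5 is an indicator."""
    return sorted(name for name, blob in samples.items() if md5_hex(blob) in bad_hashes)


def parse_task_xml(xml_text):
    """Extract the task name and Exec action from a task definition."""
    root = ET.fromstring(xml_text)
    uri = root.findtext(f"{TASK_NS}RegistrationInfo/{TASK_NS}URI") or ""
    cmd = root.findtext(f"{TASK_NS}Actions/{TASK_NS}Exec/{TASK_NS}Command") or ""
    args = root.findtext(f"{TASK_NS}Actions/{TASK_NS}Exec/{TASK_NS}Arguments") or ""
    # URI is the full path in the task library, e.g. "\Jav Maintenance64".
    return {"name": uri.rsplit("\\", 1)[-1], "command": cmd, "arguments": args}


def is_suspect_task(task):
    return task["name"].lower() in SUSPECT_TASK_NAMES


def find_ioc_ips(log_lines, bad_ips):
    """Return (line_no, ip) for every log line that mentions an indicator IP."""
    ip_re = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
    return [(n, ip) for n, line in enumerate(log_lines, 1)
            for ip in ip_re.findall(line) if ip in bad_ips]


if __name__ == "__main__":
    iocs = parse_ioc_table(IOC_TABLE)
    task = parse_task_xml(SAMPLE_TASK_XML)
    print("suspect task:", is_suspect_task(task), task)
    # Constructed proxy lines; only the first one contacts the listed IP.
    log = ["10.0.0.5 -> 51.254.60.208:443 CONNECT", "10.0.0.5 -> 8.8.8.8:53 UDP"]
    print("IP hits:", find_ioc_ips(log, iocs["IPv4"]))
```

On a live host, the signature itself is the one thing these helpers do not check: Get-AuthenticodeSignature on the signed sample will report it as valid, which is exactly the report's point. The triage question for a signed binary is therefore whether the signer, the file's location, and the persistence around it make sense together, not whether the signature verifies.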

Indicators of Compromise

The HASH values are 32 hexadecimal characters, i.e. MD5 digests.

Type   Value                              First Seen   Last Seen
HASH   9758efcf96343d0ef83854860195c4b4   2019-07-30   2021-06-15
IPv4   51.254.60.208                      2019-07-30   2020-04-16
HASH   8ba860e1340b29439ff5f6e3df98d537   2019-07-30   2019-07-30
HASH   e6037a8487b85118532184d397a6eedd   2019-07-30   2019-07-30
HASH   f1af683eba25bb9cdf4fa88176fc6128   2019-07-30   2019-07-30
