Malicious Word Document Disguised as a Military Security Monthly Magazine (April Issue) Being Distributed
2021-04-02 • AhnLab • A malicious Word document disguised as a military security monthly magazine (April issue) is being distributed.
AhnLab ASEC observed malicious Word documents disguised as the April issue of a military-security monthly publication, continuing a pattern of North Korea-themed document malware. The DOCX files used protected content and an external relationship in the document XML to reach a remote address and download additional content. The lure appears aimed at recipients working on North Korea-related matters, while the source notes that a legitimate version of the publication was distributed as a PDF. AhnLab detected the files as Downloader/DOC.External and warned users about increased social-engineering attacks using DPRK-themed document content.
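A triage check for the external-relationship technique described above, added here as an example and not taken from AhnLab's report: it lists every relationship in a DOCX package marked `TargetMode="External"`. The sample package, relationship types and `placeholder.invalid` targets are constructed, since the summary does not say which relationship type the reported files used, and treating hyperlinks as lower priority is an assumption.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
MAX_RELS_BYTES = 1_000_000  # skip oversized parts rather than inflate them

# Constructed sample: relationship types and targets are placeholders.
SAMPLE_RELS = """<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="http://placeholder.invalid/template" TargetMode="External"/>
<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://placeholder.invalid/page" TargetMode="External"/>
<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
</Relationships>"""


def build_sample():
    """Build a minimal constructed OOXML package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", SAMPLE_RELS)
    return buf.getvalue()


def external_relationships(docx_bytes):
    """Return (part, type, target, is_hyperlink) for each external relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_RELS_BYTES:
                continue
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(REL_NS + "Relationship"):
                # Internal relationships omit TargetMode or set it to "Internal".
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append((info.filename, rel_type, rel.get("Target", ""),
                                 rel_type == "hyperlink"))
    return findings


if __name__ == "__main__":
    for part, rel_type, target, is_link in external_relationships(build_sample()):
        # Assumption: hyperlinks need a click; other external types get reviewed first.
        print("info" if is_link else "review", part, rel_type, target)
```
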
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | beilksa.scienceontheweb.net | 2021-04-02 | 2023-10-30 |
| URL | http://beilksa.scienceontheweb.… | 2021-04-02 | 2021-09-01 |