Macro malware created by Kimsuky - document.doc (copy).doc (2023.6.12)

2023-06-14 Sakai Macro malware created by Kimsuky - document.doc (copy).doc (2023.6.12)

https://wezard4u.tistory.com/6474


The source analyzes a Kimsuky-attributed malicious Word document named "document.doc (copy).doc" whose VBA macro launched wscript.exe to run VBScript. The lure content covered South Korean politics and North Korea policy, which points to targeting of journalists, policymakers, or organizations working on inter-Korean issues. Running the macro wrote a script file, version.xml, into an Office directory under the user profile; that script used MSXML2.ServerXMLHTTP to fetch and execute code from a C2 path on the compromised Korean host miracle.designsoup.co.kr. The report gives file hashes for the document and walks through the obfuscated macro logic that assembles the remote URL and the persistence path. The practical detection points are therefore the process chain (Word spawning a script host on a file under the user profile) and the network contact with the listed C2 host.
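The behaviour chain above can be turned into simple detection logic. The following is an added example, not code from the blog post or from the report it summarizes: it checks constructed, Sysmon-like JSON events for Office spawning a script host, a script host given a file under a user profile, and DNS or network contact with the IOCs listed in the table on this page. The sample events, the file paths, and the wscript.exe command line are constructed for the example; only the domain, IPs, and MD5 hash come from the page.

```python
"""Detection logic for the Kimsuky macro chain described on this page.

Added example, not the blog's code. Events are constructed Sysmon-like
JSON records; indicator values come from the IOC table on this page.
"""
import json
import re
from typing import Dict, List, Tuple

# Indicators copied from the IOC table on this page.
C2_DOMAINS = {"miracle.designsoup.co.kr"}
C2_IPS = {"121.78.88.79", "8.238.42.126"}
KNOWN_MD5 = {"eabac2151828caacfa7c253d84a7b891"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# A path under a user profile, e.g. C:\Users\<name>\... (case-insensitive).
PROFILE_PATH_RE = re.compile(r"[a-z]:\\users\\", re.I)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def md5_from_hashes(field: str) -> str:
    """Extract the MD5 from a 'MD5=...,SHA256=...' style hash field."""
    for part in field.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "MD5":
            return value.strip().lower()
    return ""


def check_event(ev: Dict) -> List[str]:
    """Return the names of every rule the event matches."""
    findings: List[str] = []
    eid = ev.get("event_id")
    if eid == 1:  # process creation
        image = basename(ev.get("image", ""))
        parent = basename(ev.get("parent_image", ""))
        cmd = ev.get("command_line", "")
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            findings.append("office_spawned_script_host")
        if image in SCRIPT_HOSTS and PROFILE_PATH_RE.search(cmd):
            findings.append("script_host_run_from_user_profile")
    elif eid == 22:  # DNS query
        q = ev.get("query_name", "").lower().rstrip(".")
        if any(q == d or q.endswith("." + d) for d in C2_DOMAINS):
            findings.append("dns_query_to_known_c2")
    elif eid == 3:  # network connection
        if ev.get("dest_ip") in C2_IPS:
            findings.append("connection_to_known_c2_ip")
    # Hash match applies to any event type that carries a hashes field.
    if md5_from_hashes(ev.get("hashes", "")) in KNOWN_MD5:
        findings.append("known_ioc_hash")
    return findings


def scan(lines) -> List[Tuple[int, str]]:
    """Run check_event over JSON lines; return (line number, rule) hits."""
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        for rule in check_event(json.loads(line)):
            hits.append((n, rule))
    return hits


# Constructed sample events (paths and command line are invented for the example).
SAMPLE_LOG = [
    # 1: file-hash record for the lure; MD5 taken from the IOC table
    r'{"event_id": 15, "target_filename": "C:\\Users\\alice\\Downloads\\document.doc (copy).doc", "hashes": "MD5=EABAC2151828CAACFA7C253D84A7B891"}',
    # 2: Word launching wscript.exe on a script file under the user profile
    r'{"event_id": 1, "image": "C:\\Windows\\System32\\wscript.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "command_line": "\"C:\\Windows\\System32\\wscript.exe\" //e:vbscript //b \"C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Office\\version.xml\""}',
    # 3: DNS resolution of the C2 host from the IOC table
    r'{"event_id": 22, "image": "C:\\Windows\\System32\\wscript.exe", "query_name": "miracle.designsoup.co.kr"}',
    # 4: outbound connection to the listed C2 IP
    r'{"event_id": 3, "image": "C:\\Windows\\System32\\wscript.exe", "dest_ip": "121.78.88.79", "dest_port": 80}',
    # 5: benign script-host use from an admin shell; must not alert
    r'{"event_id": 1, "image": "C:\\Windows\\System32\\cscript.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cscript.exe C:\\Windows\\System32\\slmgr.vbs /dlv"}',
    # 6: benign DNS lookup; must not alert
    r'{"event_id": 22, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "query_name": "www.example.com"}',
]

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE_LOG):
        print(f"line {line_no}: {rule}")
```

The process-chain rules are the durable part: the C2 host and IPs will rotate, but an Office application spawning wscript.exe or cscript.exe on a file under C:\Users\ is rare in normal use and survives a change of infrastructure.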

Indicators of Compromise

Type     Value                               First Seen   Last Seen
IPv4     121.78.88.79                        2021-07-26   2023-11-01
HASH     eabac2151828caacfa7c253d84a7b891    2023-06-14   2023-06-14
HASH     107f319f6a0f9cfc054aa725553a045…    2023-06-14   2023-06-14
HASH     20695355bf0d88a3f81b8adf45c5f0b…    2023-06-14   2023-06-14
DOMAIN   e.de                                2023-06-14   2023-06-14
IPv4     8.238.42.126                        2023-06-14   2023-06-14
URL      http://miracle.designsoup.co.kr…    2021-07-26   2023-06-14
DOMAIN   miracle.designsoup.co.kr            2021-07-26   2023-06-14
