Malware created by the North Korean hacking group Reaper targeting people involved in North Korea affairs - 국가정보와 방첩 원고.lnk ("National Intelligence and Counterintelligence Manuscript.lnk") (2025.6.3)

2025-06-09 Sakai Malware Created by North Korean Hacking Group Reaper Targeting People Involved in North Korea Affairs - National Intelligence and Counterintelligence Manuscript.lnk (2025.6.3)

https://wezard4u.tistory.com/429506


The post attributes to Reaper (APT37) a malicious LNK file named "National Intelligence and Counterintelligence Manuscript.lnk" aimed at South Korea-focused North Korea watchers. The intended victims are human rights groups, journalists covering North Korea, defectors, and university professors, a victimology consistent with earlier RoKRAT campaigns. When opened, the shortcut launches PowerShell, which reads the embedded HWP decoy document and the payload files from fixed offsets inside the LNK itself, drops ttf01.dat, ttf02.dat, and a BAT script into the temp directory, and deletes the original LNK to remove the lure. The loader then XOR-decrypts the payload with the single-byte key 3, allocates a memory region, changes its protection to RWX with VirtualProtect, copies the decrypted shellcode in byte by byte with Marshal.WriteByte, and starts it with CreateThread, so the final stage never touches disk in executable form. The excerpt lists hashes for the LNK and notes that PowerShell is run hidden and from the 32-bit (SysWOW64) path, both of which are useful pivots for detection and for tracking DPRK-linked intrusions.

Indicators of Compromise

Type   Value                              First Seen   Last Seen
HASH   f6d72abf9ca654a20bbaf23ea1c10a55   2025-06-09   2025-08-29
HASH   90bf1f20f962d04f8ae3f936d0f9046…   2025-06-09   2025-06-09
HASH   543e3b4b74257c3ffcd45dcdd8c8424…   2025-06-09   2025-06-09
