The Korean analysis describes a Kimsuky-linked CHM malware lure targeting people who work on North Korea issues, using a document titled as a DailyNK representative's discussion of North Korean human rights group activity. The lure arrived in a password-protected ZIP and displayed benign Korean human rights content, but the CHM page embedded a base64 encoded command that wrote mini.dat under the user profile, decoded it with certutil into mini.vbs, and registered it under HKCU\Software\Microsoft\Windows\CurrentVersion\Run for logon persistence. The decoded VBScript used Microsoft.XMLHTTP to fetch and execute code from hxxp://file.com-port.space/indeed/show.php?query=50. The source provides hashes for the CHM and generated mini.vbs plus observed network endpoints and VirusTotal detections.