Signs of Continued Distribution of Malicious Word Documents with North Korea-Related Body Content

2021-10-29 AhnLab Confirming the continued distribution of malicious Word documents related to North Korea

https://asec.ahnlab.com/ko/28180/

AhnLab reports continued distribution of malicious Word documents containing North Korea-related lure content and macros similar to previously observed samples. Filenames referenced topics such as Chinese military strategy, broadcast questionnaires, policy networks, and cyber-safety correspondence, making the documents plausible for users interested in inter-Korean or policy issues. When macros were enabled, the documents removed protection or revealed hidden content and retrieved additional script or payload data from attacker-controlled URLs such as sarvice.medianewsonline[.]com and greengarden.kkk24[.]kr. The report lists related C2 paths and notes that this document family remains difficult for users to recognize because the decoy content appears relevant after macro execution.

Indicators of Compromise

