Lazarus Group: Signs Detected of an APT Attack Impersonating the CES 2020 (Las Vegas, USA) Delegation Participation Application

2019-10-24 ESTSecurity Signs detected of a Lazarus Group APT attack impersonating an application form for the CES 2020 observation group in Las Vegas, USA

https://blog.alyac.co.kr/2581

Alyac reported a targeted email attack that impersonated a CES 2020 delegation participation application, using a malicious HWP attachment sent to selected recipients. When opened, shellcode embedded in the Hangul document executed and was described as interfering with C2 analysis before the server delivered a 64-bit malicious DLL disguised as a video file. The excerpt identifies detections as Exploit.HWP.Agent and Trojan.Agent.113664H and gives the MD5 f865ea5f29bac6fe7f1d976a36c79713 for the malicious file. The source states the activity was related to Lazarus Group, making the HWP-based lure and staged DLL delivery relevant for tracking DPRK-linked phishing tradecraft.

Indicators of Compromise

Type    Value                               First Seen    Last Seen
HASH    f865ea5f29bac6fe7f1d976a36c79713    2019-10-24    2019-11-18
