20231229_threat_inteligence_report_market.pdf (10 MB)

Genians reported APT37 activity using malicious HWP, HWPX, LNK, XLSX, and DOCX files, including lures disguised as North Korean market-price analysis documents. The campaign abused OLE objects embedded in Korean document formats to contact attacker-controlled C2 servers and trigger exploit commands. Genians connected the activity to earlier APT37 LNK and CVE-2022-41128-themed operations and emphasized the need for endpoint detection against unknown or newly combined document-exploitation techniques.