Kimsuky organization's 'Smoke Screen' reported under North Korean file name PART 3
2019-09-27 • ESTSecurity
ESRC reported another Kimsuky Smoke Screen artifact, a malicious DOCM file using the English name for North Korea and linked to the windowsmb account seen in earlier campaign activity. The document relied on macro-enabled Office execution and HTA retrieval paths such as christinadudley.com and login-main.bigwnet.com to continue the infection chain. The report places the sample in Kimsuky’s broader activity against South Korea and the United States, including freelance-development personas and cryptocurrency-related operational behavior. Defenders should focus on DOCM macro execution, HTA download paths, and the campaign’s repeated account and infrastructure overlaps.