Malware created by the North Korean hacking group Konni: 북한 내부정보시장통제 관련 내부 동향 및 물가.hwp.lnk (2024.4.4)

2024-04-12 Sakai Malware Created by the North Korean Hacking Group Konni - Internal Trends and Prices Related to North Korean Internal Information Market Control.hwp.lnk (2024.4.4)

https://wezard4u.tistory.com/6785

Konni is reported to be using a malicious LNK file disguised as a Hangul Word Processor document about North Korean internal market controls and price trends. The source says the file is designed to look like an HWP attachment, but execution launches PowerShell-based activity instead, making it relevant to shortcut-abuse, document-lure, and script-execution detections. The report includes hashes for the sample and discusses how the lure and filename support social engineering around North Korea-related policy or internal-information themes. Defenders should validate the listed hashes, command-line behavior, and shortcut metadata against endpoint telemetry before operationalizing any indicators.

Indicators of Compromise

Type    Value                             First Seen  Last Seen
HASH    ba59f1ece68fa051400fd46467b0dc0…  2024-04-12  2024-10-30
HASH    3334d2605c0df26536058f73a43cb074  2024-04-12  2024-08-22
URL     https://www.cammirando.com/wp-a…  2024-04-12  2024-08-22
HASH    ebcd247c5ff2babe6ad1f001b482754…  2024-04-12  2024-04-12
URL     https://www.cammirando.com/wp-a…  2024-04-12  2024-04-12
DOMAIN  irando.com                        2024-04-12  2024-04-12
