Distribution of Malicious Word Documents Related to North Korea's April 25 Military Parade
2022-04-29 • AhnLab • Distribution of malicious word documents related to North Korea's April 25 military parade
AhnLab ASEC observed malicious Word document distribution using North Korea's April 25 military parade as lure content. The attacker uploaded the document to a suspected compromised South Korean web server alongside benign HWP documents that appeared related to prior OLE object or EPS vulnerability delivery methods. The malicious file was packaged in an encrypted data.zip, preventing document recovery, but ASEC assessed from the known attack pattern that it likely used wscript.exe to exfiltrate PC information. The activity targeted people in security, politics, and diplomacy, reinforcing the need to avoid opening unsolicited attachments or enabling macros from unclear senders. ASEC identified the detection as Trojan/HTML.Loader and listed MD5 6cc09bc6e605b59d7eb48eb266f798f8.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 6cc09bc6e605b59d7eb48eb266f798f8 | 2022-04-29 | 2022-04-29 |