Hacking damage warning following the surge in Bitcoin prices

2024-03-13 Genians Hacking damage warning due to rapid rise in Bitcoin price

https://www.genians.co.kr/blog/threat_intelligence/bitcoin

Genians analyzes a Konni APT campaign using Bitcoin market interest and virtual-asset exchange themes to deliver malware in South Korea. The attack distributes a ZIP containing a decoy PDF and a malicious LNK disguised as a DOCX personal-information consent form; the LNK runs obfuscated PowerShell, creates a replacement DOCX and UHCYbG.cab under public paths, then launches VBS and batch components. Follow-on scripts collect download, document, desktop, and system information, attempt exfiltration to stuckss.com, and download additional payloads from attacker-controlled infrastructure such as goosess.com. The source links the activity to earlier Konni campaigns through code similarity and LNK, VBS, and BAT tradecraft.
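
Added detection example, not code from the Genians report: it inspects a ZIP archive for members that are really Windows shell links (LNK) regardless of the document-style name they carry, which is the lure shape described above. The archive, its member names and the LNK header bytes are constructed for the example; the magic and LinkFlags offsets follow the public MS-SHLLINK layout.

```python
import io
import struct
import zipfile

# A Windows shell link (LNK) begins with HeaderSize 0x4C followed by the
# ShellLink CLSID {00021401-0000-0000-C000-000000000046}, serialised little-endian.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: the shortcut carries a command line
DOCUMENT_EXTS = (".docx", ".doc", ".pdf", ".hwp", ".xlsx", ".pptx")


def lnk_has_arguments(head: bytes) -> bool:
    """LinkFlags is the 32-bit field at offset 0x14 of the ShellLinkHeader."""
    if len(head) < 0x18:
        return False
    (flags,) = struct.unpack_from("<I", head, 0x14)
    return bool(flags & HAS_ARGUMENTS)


def scan_archive(zip_bytes: bytes) -> list:
    """Return (member name, reason) pairs for members that are shell links,
    whatever their name claims, or that claim .lnk without a valid header."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            with zf.open(info) as fh:
                head = fh.read(0x18)  # enough for the magic and LinkFlags
            if head.startswith(LNK_MAGIC):
                reason = "shell link"
                if any(ext in lower for ext in DOCUMENT_EXTS):
                    reason += " with a document-style name"
                if lnk_has_arguments(head):
                    reason += ", carries command-line arguments"
                findings.append((info.filename, reason))
            elif lower.endswith(".lnk"):
                findings.append((info.filename, ".lnk name without a valid LNK header"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample, not the real lure: a decoy PDF plus a shortcut
    named like a DOCX consent form, with HasName and HasArguments set."""
    header = bytearray(0x4C)
    header[: len(LNK_MAGIC)] = LNK_MAGIC
    struct.pack_into("<I", header, 0x14, HAS_ARGUMENTS | 0x04)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("decoy.pdf", b"%PDF-1.4\n%constructed decoy\n")
        zf.writestr("personal_information_consent.docx.lnk", bytes(header))
    return buf.getvalue()
```

Run `scan_archive(build_sample_archive())` to see the shortcut member flagged while the decoy PDF passes; the same function can be pointed at the bytes of any downloaded archive before it is opened.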

Indicators of Compromise

Type    Value        First seen  Last seen
DOMAIN  stuckss.com  2024-03-11  2024-06-17
DOMAIN  goosess.com  2024-03-11  2024-06-17
