New KONNI Campaign Emerges: 'Operation Happy Virus'
2018-10-18 • ESTSecurity • New KONNI campaign appears, 'Operation Happy Virus'
ESRC identified a new KONNI campaign on 18 October 2018 and named it Operation Happy Virus based on the malware developer path and final filename, including `F:\0_work\planes\2018\forvirus\happy\Release\happy.pdb` and `happy.exe`. The activity follows earlier KONNI tradecraft using North Korea-themed lure content and spear-phishing delivery of disguised executable, SCR, or vulnerable document files. The dropper hides two Korean-language resource modules named `DOD` and `EOE`: one is an MS Word document copied from a Yonhap English-language news item, while the other is an EXE resource that is intentionally corrupted when written and executed. Metadata and resource details, including Korean code pages, Chinese-language author metadata, and reused PDB naming patterns, provide detection and clustering evidence for continued KONNI development activity.