Malware Created by the North Korean Hacking Group Reaper - Eligibility Confirmation Form for Research Grant Support for Doctoral Students in Humanities and Social Sciences.hwp (2024.5.24) (original file name: 인문사회분야 박사과정생 연구장려금지원 신청자격 요건 확인서.hwp)
2024-06-06 • Sakai
APT37/Reaper activity is tied to a malicious HWP document disguised as an eligibility form for humanities and social-sciences doctoral research support. According to the write-up, the group is associated with espionage-focused targeting of government, military, large-enterprise, human-rights, and regional business victims, and its tradecraft is linked to RokRAT-style capabilities such as credential theft, data exfiltration, screenshots, system discovery, command execution, and file management. The document abuses an embedded OLE object rather than an HWP software vulnerability, and the compressed data, once decompressed, reveals a hidden C2 URL under host.sharingdocument[.]one. The lure appears to impersonate a university research office, which makes the sample relevant for defenders tracking DPRK document-based social engineering and cloud/C2-enabled collection activity.
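The triage step described above (inflating an embedded stream and looking for a URL) can be sketched as follows. This is an added example, not code from the original write-up: the function names are hypothetical, it assumes the stream bytes were already pulled out of the HWP's OLE container and are raw-deflate compressed, and the sample stream and its `/PLACEHOLDER` path are constructed.

```python
import re
import zlib
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
# Domain from the write-up above, kept defanged in source and refanged only for matching.
WATCHLIST = ["sharingdocument[.]one".replace("[.]", ".")]

def inflate(stream: bytes) -> bytes:
    """Raw-deflate a stream (assumption: compressed HWP streams carry no zlib header)."""
    try:
        return zlib.decompressobj(-15).decompress(stream)
    except zlib.error:
        return b""  # not deflate data; the caller still scans the raw bytes

def find_urls(stream: bytes) -> list[str]:
    """Return sorted unique URLs found in the raw and inflated forms of a stream."""
    found = set()
    for blob in (stream, inflate(stream)):
        # latin-1 exposes ASCII text; UTF-16LE is tried at both byte alignments.
        views = [blob.decode("latin-1"),
                 blob.decode("utf-16-le", errors="ignore"),
                 blob[1:].decode("utf-16-le", errors="ignore")]
        for text in views:
            found.update(URL_RE.findall(text))
    return sorted(found)

def defang(url: str) -> str:
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(stream: bytes) -> list[tuple[str, bool]]:
    """Pair each defanged URL with whether its host falls under a watchlisted domain."""
    out = []
    for url in find_urls(stream):
        host = (urlsplit(url).hostname or "").lower()
        hit = any(host == d or host.endswith("." + d) for d in WATCHLIST)
        out.append((defang(url), hit))
    return out

def make_sample() -> bytes:
    """Constructed stand-in for an extracted stream: UTF-16LE text, raw-deflated."""
    url = "https://host.sharingdocument[.]one/PLACEHOLDER".replace("[.]", ".")
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(b"\x01" + f"open {url} end".encode("utf-16-le")) + comp.flush()

if __name__ == "__main__":
    for url, hit in triage(make_sample()):
        print(("WATCHLIST " if hit else "other     ") + url)
```

Output is defanged so it can be pasted into a ticket or report; the watchlist match is suffix-based on the parsed host, so a lookalike such as `evilsharingdocument.one` does not match.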
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 1b57075fb924a5c7a1e823e03d08bfc… | 2024-06-06 | 2024-06-06 |
| HASH | 2222f1d7ccd05655f0492769bc54ec0… | 2024-06-06 | 2024-06-06 |
| HASH | 9bd2de45e688a5a9561dc622e1336e37 | 2024-06-06 | 2024-06-06 |