Word Document APT Attack Disguised as a Donation Receipt for Uljin Forest Fire Damage (Kimsuky)

2022-03-30 Ahnlab Word document APT attack disguised as donation receipt for Uljin forest fire damage (Kimsuky)

https://asec.ahnlab.com/ko/33224/

AhnLab ASEC attributed a malicious Word document, an APT lure disguised as a donation receipt for Uljin forest fire damage, to Kimsuky. The document was created on March 28 under an author name previously seen in ASEC reporting. It reuses earlier Kimsuky tradecraft but changes the name of the generated batch file to moster.bat. When macros run, moster.bat registers start.vbs in the Run key, launches no4.bat, and contacts hxxp://nomonth-man[.]com/dfg04/%COMPUTERNAME%.txt to download additional content. ASEC assessed that the actor is broadening its targets beyond North Korea-related and cryptocurrency personnel, which makes this social-issue lure notable for Korean users who handle unsolicited Word files.

Indicators of Compromise

Type    Value                              First Seen  Last Seen
URL     http://nomonth-man.com/dfg04/%C…   2022-03-30  2022-03-30
DOMAIN  nomonth-man.com                    2022-03-30  2022-03-30