Caution: Phishing Email Disguised as a Request for Opinions on Policy Decisions

2022-03-24 Hauri Caution: Phishing Email Disguised as a Request for Opinions on Policy Decisions

https://www.hauri.co.kr/security/issue_view.html?intSeq=414&page=1

Hauri reported phishing emails in South Korea disguised as requests for public input on internet address policy decisions. The emails encouraged recipients to open a password-protected document and enable macros after entering a password supplied in the message. Once macros were enabled, the document contacted a C2 server to download encoded PE data, decode it, and execute it from document memory. The listed C2 path was http://1xJOiKZd[.]naveicoipa[.]tech/ACMS/Cjtpp17D/Cjtpp17D32.acm, though the server was no longer reachable at analysis time. The campaign matters because it paired policy-themed social engineering with macro-based payload retrieval against domestic users.

Indicators of Compromise

Type    Value                              First Seen  Last Seen
DOMAIN  1xjoikzd.naveicoipa.tech           2022-03-24  2022-04-11
URL     http://1xJOiKZd.naveicoipa.tech…   2022-03-24  2022-03-24
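
The indicator above appears with a mixed-case host in the URL and a lower-case host in the domain entry, so naive string matching against proxy logs can miss or over-match it. The following is an added example, not part of the Hauri report: it refangs the listed C2 path and matches on the parsed hostname. The log format, client addresses and the non-C2 URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# C2 path exactly as written in the report (defanged, mixed-case host).
DEFANGED_C2 = "http://1xJOiKZd[.]naveicoipa[.]tech/ACMS/Cjtpp17D/Cjtpp17D32.acm"

def refang(indicator):
    """Undo common defanging: [.] and (.) for dots, hxxp for http."""
    out = indicator.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)

def normalize(url):
    """Return (host, path). Hostnames are case-insensitive, paths are not,
    so only the host is lower-cased; port and trailing dot are dropped."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip("."), parts.path

C2_HOST, C2_PATH = normalize(refang(DEFANGED_C2))

def classify(url):
    """'exact-url' for the reported path, 'host-only' for any other request
    to the same host, None when the parsed host is not the C2 host."""
    host, path = normalize(url)
    if host != C2_HOST:
        return None
    return "exact-url" if path == C2_PATH else "host-only"

def scan(log_text):
    """Scan lines of the assumed form: timestamp client method url status."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, url, _status = fields
        verdict = classify(url)
        if verdict:
            hits.append((client, verdict))
    return hits

# Constructed sample log: one exact hit, one case/port variant, and two
# lines that a plain substring search would wrongly flag.
SAMPLE_LOG = """\
2022-03-24T09:12:01 10.0.0.15 GET http://1xjoikzd.naveicoipa.tech/ACMS/Cjtpp17D/Cjtpp17D32.acm 200
2022-03-24T09:12:07 10.0.0.22 GET http://1XJOIKZD.NAVEICOIPA.TECH:80/other 404
2022-03-24T09:13:40 10.0.0.31 GET http://www.example.com/?ref=1xjoikzd.naveicoipa.tech 200
2022-03-24T09:14:02 10.0.0.31 GET http://1xjoikzd.naveicoipa.tech.example.com/ACMS/ 200
"""

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

Because the report notes the macro fetches the payload from inside the document, any hit is best correlated with endpoint telemetry showing which process on the client made the request.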
