Malware created by the North Korean hacking group APT37 (Reaper) targeting North Korean defectors - 김x민대표님모금캠페인.lnk (2024.10.31)

2025-06-27 Sakai Malware Created by North Korean Hacking Group APT37 (Reaper) Targeting North Korean Defectors - Kim X-min Representative Fundraising Campaign.lnk (2024.10.31)

https://wezard4u.tistory.com/429521


The source attributes to APT37/Reaper a malicious LNK file disguised as a fundraising campaign for a North Korean defector organization, using the health situation of a Free North Korea Radio representative as the lure. The LNK searches for a specific oversized shortcut file, extracts and opens a decoy PDF, writes an encoded EXE payload as caption.dat, creates elephant.dat and sharke.bat, and runs the batch chain through PowerShell. The extracted payload is XOR-decoded with the key d, mapped into memory with kernel32.dll P/Invoke calls such as GlobalAlloc, VirtualProtect, CreateThread, and WaitForSingleObject, and executed reflectively rather than being dropped to disk and launched. The source provides hashes for the LNK sample and describes a victimology pattern focused on North Korean defectors, which makes it relevant for defenders tracking APT37 social-engineering lures and fileless-style execution chains.
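As an added example (not code from the original post or from the blog's author), a small static triage script for the LNK pattern described above: it flags an oversized shortcut, locates an embedded decoy PDF and the P/Invoke loader strings, and tests whether a single-byte XOR with the reported key d uncovers an embedded PE header. The size threshold and the in-memory sample are constructed assumptions, not values from the report.

```python
"""Added triage example for the APT37 LNK pattern (not the report's own code)."""
import re

# Shell-link header: size 0x4C followed by CLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = (b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00"
             b"\xc0\x00\x00\x00\x00\x00\x00\x46")
SIZE_THRESHOLD = 64 * 1024  # assumption: a legitimate .lnk is a few KB at most
PINVOKE_NAMES = [b"GlobalAlloc", b"VirtualProtect", b"CreateThread", b"WaitForSingleObject"]

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the report names key 'd' (0x64)."""
    return bytes(b ^ key for b in data)

def find_xor_mz(data: bytes, key: int = ord("d")) -> list:
    """Offsets where decoding with `key` yields 'MZ' and a plausible e_lfanew
    pointing at a 'PE\\0\\0' signature inside the blob."""
    needle = xor_bytes(b"MZ", key)
    hits = []
    for m in re.finditer(re.escape(needle), data):
        off = m.start()
        hdr = xor_bytes(data[off:off + 0x40], key)
        if len(hdr) < 0x40:
            continue
        e_lfanew = int.from_bytes(hdr[0x3c:0x40], "little")
        pe_off = off + e_lfanew
        if 0x40 <= e_lfanew < 0x1000 and xor_bytes(data[pe_off:pe_off + 4], key) == b"PE\x00\x00":
            hits.append(off)
    return hits

def triage_lnk(data: bytes) -> dict:
    """Collect the static indicators the report describes into one record."""
    return {
        "is_lnk": data.startswith(LNK_MAGIC),
        "oversized": len(data) > SIZE_THRESHOLD,
        "decoy_pdf_offset": data.find(b"%PDF-"),
        "pinvoke_strings": [n.decode() for n in PINVOKE_NAMES if n in data],
        "xor_d_mz_offsets": find_xor_mz(data),
    }

def build_sample() -> bytes:
    """Constructed sample (not a real APT37 file): LNK header, a PowerShell
    stub, a decoy-PDF marker, loader strings, then a minimal XOR('d')-encoded PE."""
    pe = bytearray(0x100)
    pe[0:2] = b"MZ"
    pe[0x3c:0x40] = (0x80).to_bytes(4, "little")
    pe[0x80:0x84] = b"PE\x00\x00"
    blob = (LNK_MAGIC + b"\x00" * 0x40 + b"powershell -w hidden " + b"%PDF-1.4 decoy "
            + b"GlobalAlloc VirtualProtect CreateThread " + xor_bytes(bytes(pe), ord("d")))
    return blob + b"\x00" * (SIZE_THRESHOLD + 1 - len(blob))  # pad past the size threshold
```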

Indicators of Compromise

Type Value First Seen Last Seen
HASH c045b9da0456430268861da18735f7e… 2024-11-01 2025-06-27
HASH 144928fc87e1d50f5ed162bb1651ab24 2024-11-01 2025-06-27
HASH e917166ed0096688994709acb94233b… 2024-11-01 2025-06-27
