RTF Malware Disguised as a Specific Airline Cover Letter

2021-10-13 Ahnlab RTF malware disguised as a specific airline resume

https://asec.ahnlab.com/ko/27678/


ASEC analyzed an RTF malware sample disguised as an airline cover-letter or resume document and created in early October 2021. The file exploited the Microsoft Equation Editor vulnerability CVE-2017-11882 and, if triggered, attempted to download additional payloads from gozdeelektronik[.]net paths ending in movie.png and movie.jpg. The source says those URLs were inactive during analysis, but the same infrastructure had been used by a 2019 malicious EPS/HWP case, suggesting reuse by the same group. ASEC notes that external Twitter reporting associated the RTF activity with Lazarus, but the article itself treats the attribution cautiously.

Indicators of Compromise

Type    Value                               First Seen  Last Seen
URL     https://gozdeelektronik.net/wp-…    2019-06-20  2021-10-28
URL     https://gozdeelektronik.net/wp-…    2019-06-20  2021-10-28
DOMAIN  gozdeelektronik.net                 2019-06-20  2021-10-28
HASH    dd8bb1686f16924ac797620092776022    2021-10-13  2021-10-13
