'Operation NK New Year' APT cyber threat emerges, disguised as an evaluation of North Korea's 2019 New Year's address
2019-01-03 • ESTSecurity
ESRC analyzed a 2019 APT lure built around a document titled as an assessment of North Korea's New Year address and noted code similarities to the 2014 Korea Hydro & Nuclear Power attack. The executable carried a normal HWP decoy and 32-bit/64-bit malicious DLL resources disguised as HncChecker.dll, dropping into C:\ProgramData\Hnc\ to resemble legitimate document software components. The malware logged infection activity, captured keystrokes into userdata.cab, and attempted to transmit collected data through a Korean portal webmail service. ESRC connected the TTPs to continuing attacks against South Korea involving diplomatic, security, and unification themes, making the case useful for detecting document-themed espionage and keylogging activity.
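A hunting sketch for the file artifacts named in the summary above, added here as an example and not taken from the ESRC report: it scans file-creation events for HncChecker.dll written under C:\ProgramData\Hnc\ and for any file named userdata.cab, then raises confidence when both appear on one host. The event layout (host, target path), the sample events and the "high"/"review" labels are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Artifacts named in the summary (compared case-insensitively, as Windows does).
DROP_DIR = r"c:\programdata\hnc"
DROPPED_DLL = "hncchecker.dll"
KEYLOG_ARCHIVE = "userdata.cab"

# Constructed sample file-creation events (host, target path); not real telemetry.
SAMPLE_EVENTS = [
    ("PC-01", r"C:\ProgramData\Hnc\HncChecker.dll"),
    ("PC-01", r"C:\ProgramData\Hnc\userdata.cab"),
    ("PC-02", r"C:\ProgramData\Hnc\settings.ini"),
    ("PC-03", r"D:\backup\USERDATA.CAB"),
]


def normalize(path):
    """Collapse '..' segments, unify separators and lower-case the path."""
    return ntpath.normpath(path).lower()


def classify(path):
    """Return an artifact tag for a created file, or None if it matches nothing."""
    directory, name = ntpath.split(normalize(path))
    if name == DROPPED_DLL and directory == DROP_DIR:
        return "dropped_dll"
    if name == KEYLOG_ARCHIVE:
        # The summary gives no directory for the archive, so match on name only.
        return "keylog_archive"
    return None


def hunt(events):
    """Group matches per host: both artifacts -> 'high', a single one -> 'review'."""
    hits = defaultdict(set)
    for host, path in events:
        tag = classify(path)
        if tag:
            hits[host].add(tag)
    return {h: ("high" if len(tags) == 2 else "review") for h, tags in hits.items()}


if __name__ == "__main__":
    for host, level in sorted(hunt(SAMPLE_EVENTS).items()):
        print(host, level)
```

A name-only match on userdata.cab will produce benign hits, which is why a lone match is only marked for review.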
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | serial.info | 2019-01-03 | 2019-01-03 |