ASEC reports that attackers in 2024 increasingly used Microsoft Management Console MSC files as Office document malware declined. One MSC class abuses CVE-2024-43572 in apds.dll, while another uses MMC Console Taskpad entries to run commands from files disguised with PDF, Word, or folder icons. ASEC specifically observed Kimsuky distributing MSC malware against Korean users, including decoy document execution and lure names tied to defense, interviews, drones, and survey themes. The format is useful for delivery because an XML-based console file can register script, command, or program execution and can be launched by a simple double click.