2024 Webinar invitation impersonation APT attack detected (original title: 2024년 Webinar 안내장 사칭 APT 공격 포착)

2024-01-16 Genians 2024 Webinar invitation impersonation APT attack detected

https://www.genians.co.kr/blog/webinar-apt


Genians observed an APT37-style spearphishing campaign that impersonated a real January 2024 webinar on unification strategy and North Korea policy. The lure email carried a lookalike registration link that resolved to Dropbox, where a ZIP archive delivered an LNK disguised as a PDF event notice. Opening the LNK executed an oversized PowerShell command line that extracted a decoy PDF, wrote public.dat and 241223.bat under the Public folder, and kicked off a staged payload chain that included an XOR-encrypted EXE masquerading as hybrid.zip. The report ties the tradecraft to earlier APT37 activity that abused cloud storage for delivery and attempted data exfiltration through pCloud.
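The delivery chain above turns on a single artifact: a .lnk named like a PDF whose COMMAND_LINE_ARGUMENTS field carries a padded PowerShell command, with the decoy document and later stages appended after the link structures so the command can carve them out of its own file. The static triage below is an added example written for this page, not code from the Genians report: it parses the MS-SHLLINK layout far enough to recover the arguments string and measure the trailing overlay, then flags the traits described in the summary. The sample .lnk, its PowerShell text, the file name, the 1024-character threshold and the switch list are all constructed for the example and are not the campaign's actual values.

```python
"""Static triage of a Windows Shell Link (.lnk) dropper (added example, constructed inputs)."""
import struct

SHELL_LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HEADER_SIZE = 0x4C
# LinkFlags bits from MS-SHLLINK section 2.1.1
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location"))  # StringData order is fixed
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the spawned console window out of sight


def parse_lnk(data: bytes) -> dict:
    """Walk header, IDList, LinkInfo, StringData and ExtraData; return the fields triage needs."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE \
            or data[4:20] != SHELL_LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_cmd = struct.unpack_from("<I", data, 60)[0]
    off = HEADER_SIZE
    if flags & HAS_IDLIST:                       # IDListSize (u16) followed by the ItemIDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINKINFO:                     # LinkInfoSize (u32) covers the whole structure
        off += struct.unpack_from("<I", data, off)[0]
    strings = {}
    for bit, name in STRING_FIELDS:              # CountCharacters (u16) + chars, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, off)[0]
            off += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[off:off + count * width]
            off += count * width
            strings[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    while off + 4 <= len(data):                  # ExtraData blocks; BlockSize < 4 is the terminal block
        size = struct.unpack_from("<I", data, off)[0]
        off += 4 if size < 4 else size
        if size < 4:
            break
    return {"flags": flags, "show_command": show_cmd, "strings": strings,
            "overlay_size": max(0, len(data) - off)}


def triage_lnk(filename: str, data: bytes, max_args: int = 1024) -> list:
    """Return findings for one .lnk; an empty list means none of the dropper traits were seen."""
    info = parse_lnk(data)
    args = info["strings"].get("arguments", "")
    target = (info["strings"].get("relative_path", "") + " " + args).lower()
    findings = []
    if filename.lower().endswith((".pdf.lnk", ".doc.lnk", ".docx.lnk", ".hwp.lnk")):
        findings.append("double extension: document name with a .lnk suffix")
    if "powershell" in target or "pwsh" in target:
        findings.append("target or arguments invoke PowerShell")
    if any(k in target for k in ("-windowstyle hidden", "-w hidden", "-enc", "-encodedcommand")):
        findings.append("hidden-window or encoded-command switches present")
    if len(args) > max_args:
        findings.append(f"oversized arguments: {len(args)} chars (padding hides the command in Properties)")
    if "$env:public" in target or "\\users\\public" in target:
        findings.append("writes under the Public folder")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE (window minimised)")
    if info["overlay_size"] > 0:
        findings.append(f"{info['overlay_size']} bytes appended after the link structures (embedded stages?)")
    return findings


def build_sample_lnk(args: str, relpath: str, show_cmd: int = SW_SHOWMINNOACTIVE, overlay: bytes = b"") -> bytes:
    """Constructed test input: minimal LNK with relative path, arguments and icon StringData."""
    flags = HAS_RELPATH | HAS_ARGS | HAS_ICON | IS_UNICODE
    header = struct.pack("<I", HEADER_SIZE) + SHELL_LINK_CLSID + struct.pack(
        "<IIQQQIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)

    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + s(relpath) + s(args) + s("%SystemRoot%\\System32\\SHELL32.dll") + struct.pack("<I", 0) + overlay


# Constructed stand-in for the pattern in the report (not the real command): leading whitespace
# pushes the command out of the Properties dialog, the LNK reads its own bytes, carves a decoy
# PDF and a next-stage blob out of the overlay, and drops both under the Public folder.
SAMPLE_RELPATH = "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_ARGS = " " * 1200 + (
    "-windowstyle hidden -c $l=Get-ChildItem *.pdf.lnk;$b=[IO.File]::ReadAllBytes($l);"
    "[IO.File]::WriteAllBytes(\"$env:Public\\invite.pdf\",$b[1500..4000]);"
    "[IO.File]::WriteAllBytes(\"$env:Public\\public.dat\",$b[4001..($b.Length-1)]);"
    "& \"$env:Public\\invite.pdf\"")
SAMPLE_OVERLAY = b"%PDF-1.4\n%decoy\n" + bytes(64) + b"\x1b" * 32   # fake decoy + fake stage bytes

if __name__ == "__main__":
    sample = build_sample_lnk(SAMPLE_ARGS, SAMPLE_RELPATH, overlay=SAMPLE_OVERLAY)
    for line in triage_lnk("2024 webinar notice.pdf.lnk", sample):
        print("[!]", line)
```

Run it against a directory of quarantined shortcuts by feeding each file's bytes to triage_lnk; a real dropper usually also carries an IDList and LinkInfo, which the parser skips by their own size fields, and the overlay size tells you where to start carving when you want the decoy and the next stage out of the file.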

Indicators of Compromise

Type    Value                               First seen    Last seen
HASH    2304183c6738e42ba89fc29f881b0684    2024-01-16    2024-01-16
HASH    4825fc554f9565ad356501293363c901    2024-01-16    2024-01-16
HASH    485af6ea63bbec8ae02f8a6184cae96f    2024-01-16    2024-01-16
HASH    300fb8e4294e902efe736e42ea262266    2024-01-16    2024-01-16
EMAIL   [email protected]                   2024-01-16    2024-01-16
