Detailed analysis of the hard disk destruction malware from the 6.25 DDoS attack

2013-06-28 Ahnlab Detailed analysis of hard disk destruction malware in 6.25 DDoS attack

http://asec.ahnlab.com/954


ASEC analyzed malware built to conduct DDoS attacks against South Korean government websites at 10:00 on June 25 and also found related malware designed to destroy hard disks. The RDPSHELLEX.EXE sample uses a mutex to check for prior infection, installs itself as a Windows service under legitimate-looking service names, and can transmit operating-system details of the infected system to attacker infrastructure. The destructive component stores trigger data for MBR destruction, password changes, network sessions, and process execution; it then stops services, changes user passwords, alters the desktop, and overwrites disk MBRs by writing directly to PhysicalDrive devices. The wiper can overwrite disk sectors and delete or corrupt files with web, media, and image extensions, which makes the incident relevant both to DDoS response and to recovery planning for destructive malware.
