FortiGuard Labs analyzed NukeSped RAT samples linked to North Korea’s HIDDEN COBRA activity and compared them with known FALLCHILL tooling. The samples used encrypted strings, dynamic API resolution, persistence through Run keys or services, and a remote-administration command set for process execution, payload retrieval, disk inspection, directory changes, and cleanup. Several samples carried Korean language identifiers and shared cryptographic and code-structure traits with earlier HIDDEN COBRA malware families. The report provides malware hashes and blocking context for defenders tracking DPRK-aligned RAT activity.