Analyzing North Korean Malware – Joanap/Brambul Dropper

2018-06-01 0ffset

https://0ffset.wordpress.com/2018/06/01/post-0x07-analyzing-dropper/

0ffset analyzes a Lazarus/HIDDEN COBRA dropper connected to three malware strains publicly linked by the FBI to North Korean activity. The post focuses on static analysis of the dropper, its embedded DLL resources, and its relationship to a RAT and SMB-spreading worm associated with the same malware set. It is useful for defenders tracking Joanap/Brambul-era Lazarus tooling and historical sample behavior.
