Dissecting the Infection Chain: Technical Analysis of the Kimsuky JavaScript Dropper

2025-11-05 Pulsedive

https://blog.pulsedive.com/dissecting-the-infection-chain-technical-analysis-of-the-kimsuky-javascript-dropper/


The Pulsedive analysis examines a Kimsuky JavaScript dropper tied to public IOCs and sandbox traffic; Kimsuky is a North Korean espionage group active against government, think-tank, and subject-matter-expert targets. The initial script contacts iuh234[.]medianewsonline[.]com via dwnkl[.]php, sending the host's computer name, retrieves additional JavaScript, and executes whatever the server returns. The second stage collects system information, running processes, and file listings from the Users directory, packages the output into cabinet files with certutil, and exfiltrates the data by POST requests to the same infrastructure. A third-stage script writes Themes.js under the Windows Themes path and creates a scheduled task named Windows Theme Manager that runs it every minute for persistence, while also dropping an apparently empty Word document as a lure.
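As an added illustration (not code from the Pulsedive report), the following Python checks turn the behaviours summarised above into detection logic run over constructed Sysmon-style events; the field names, the Themes.js directory, and the exact certutil command line are assumptions rather than details from the report.

```python
import re

# Constructed sample events (field names are assumptions; map them to your telemetry).
SAMPLE_EVENTS = [
    {"type": "dns", "image": "C:\\Windows\\System32\\wscript.exe",
     "query": "iuh234.medianewsonline.com"},
    {"type": "process", "image": "C:\\Windows\\System32\\certutil.exe",
     "parent": "C:\\Windows\\System32\\wscript.exe",
     "cmdline": "certutil -encode C:\\Users\\Public\\out.cab C:\\Users\\Public\\out.txt"},
    {"type": "process", "image": "C:\\Windows\\System32\\schtasks.exe",
     "parent": "C:\\Windows\\System32\\wscript.exe",
     "cmdline": 'schtasks /create /sc minute /mo 1 /tn "Windows Theme Manager" '
                '/tr "wscript.exe C:\\Windows\\Resources\\Themes\\Themes.js"'},  # path assumed
    {"type": "process", "image": "C:\\Windows\\System32\\notepad.exe",
     "parent": "C:\\Windows\\explorer.exe", "cmdline": "notepad.exe"},
]

C2_DOMAIN = "iuh234.medianewsonline.com"   # domain from the report
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
TASK_NAME = "windows theme manager"        # scheduled task name from the report

def check_event(ev):
    """Return (tag, reason) findings for one event; empty list when nothing matches."""
    findings = []
    if ev.get("type") == "dns" and ev.get("query", "").lower() == C2_DOMAIN:
        findings.append(("c2", "DNS lookup of reported Kimsuky domain"))
    low = ev.get("cmdline", "").lower()
    parent = ev.get("parent", "").lower().rsplit("\\", 1)[-1]
    image = ev.get("image", "").lower().rsplit("\\", 1)[-1]
    if "dwnkl.php" in low:
        findings.append(("c2", "reference to dwnkl.php download endpoint"))
    if image == "certutil.exe" and parent in SCRIPT_HOSTS:
        findings.append(("staging", "certutil launched by a script host"))
    if image == "schtasks.exe" and TASK_NAME in low:
        findings.append(("persistence", "scheduled task 'Windows Theme Manager' created"))
    if re.search(r"\\themes\\themes\.js", low):
        findings.append(("persistence", "Themes.js referenced under a Themes directory"))
    return findings

def scan_events(events):
    """Run check_event over a list of events, returning (index, tag, reason) triples."""
    return [(i, tag, reason) for i, ev in enumerate(events)
            for tag, reason in check_event(ev)]

if __name__ == "__main__":
    for idx, tag, reason in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: [{tag}] {reason}")
```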

Indicators of Compromise

Type     Value                               First Seen   Last Seen
HASH     596cd0d30fe035e8be1dd9d78c1f71a…    2025-11-05   2025-11-05
DOMAIN   iuh234.medianewsonline.com          2025-11-05   2025-11-05
