Internet Explorer 0day Analysis

2024-04-17 ENKI Cyber threat report on DreamJob

https://www.enki.co.kr/media-center/blog/internet-explorer-0day-analysis

ENKI says a North Korea-linked attempt against its security researcher used social engineering around Chrome exploit collaboration to deliver an MHTML lure named Chrome_85_RCE_Full_Exploit_Code.mht. The file was crafted to push the victim toward Internet Explorer execution, and when scripting was allowed it downloaded additional payloads twice from codevexillium[.]org. The second-stage payload contained Internet Explorer exploit code, which ENKI analyzed as a DOM attribute double-free issue that could lead to arbitrary memory read/write and further code execution. The case matters for tracking DPRK researcher-targeting activity because it combines trusted-researcher lures, browser-specific exploit delivery, and remotely staged payloads.

Indicators of Compromise

Type     Value              First Seen   Last Seen
DOMAIN   codevexillium.org  2021-01-25   2024-04-17
