Malware created by Konni (코니) that attacks by disguising itself as a North Korean market price analysis document - 조선 시장 물가 분석(회령).hwp? (2023.11.17)

2024-02-07 Sakai Malware that attacks by disguising North Korean market price analysis documents created by Konni - North Korean market price analysis (Hoeryeong).hwp? (2023.11.17)

https://wezard4u.tistory.com/6728


Wezard4u analyzes a Konni malware document disguised as a Korean HWP file about North Korean market prices in Hoeryeong, suggesting that the targets are people who work on North Korea-related issues. The document does not exploit an HWP vulnerability; it embeds a malicious OLE object and relies on the user clicking through a read-only or editing prompt. The embedded content decompresses to reveal command-and-control infrastructure on nav.offlinedocument.site under a document-service-style path, and the report provides hashes for the HWP lure, including SHA-256 d1f81eaf48b878479065d9f04a252edca193bb0ffdd7734daad2103c17a637e9. The activity fits Konni's established use of Korean-language North Korea policy lures to deliver downloader-style malware.

Indicators of Compromise

Type Value First Seen Last Seen
HASH d1f81eaf48b878479065d9f04a252ed… 2024-02-07 2024-02-07
HASH 54b3aa4b83e410f4bf28368d59a0711b 2024-02-07 2024-02-07
URL http://nav.offlinedocument.site… 2024-02-07 2024-02-07
DOMAIN go.appp.ooguy.com 2024-02-07 2024-02-07
DOMAIN nav.offlinedocument.site 2024-02-07 2024-02-07
DOMAIN service.898840.com 2024-01-29 2024-02-07
DOMAIN s8u.cn 2024-01-29 2024-02-07
HASH b23a3738b6174f62e4696080f2d8a5f… 2024-01-22 2024-02-07
