Malware made by Konni that attacks by posing as a North Korean market price analysis document - 주요도시 시장가격 조사 2023.xlsx (2023.12.29)

2024-01-04 Sakai Malware created by Konni that attacks by disguising itself as a North Korean market price analysis document - Market price survey in major cities 2023.xlsx (2023.12.29)

https://wezard4u.tistory.com/6699


The source analyzes a Konni-attributed Excel lure disguised as a 2023 North Korean market price survey, aimed at people working on North Korea-related topics. Opening the spreadsheet exposes an ActiveX control warning; enabling content triggers contact with app.documentoffice.club through a URL embedded in xl/activeX1.bin. The author links the activity to the Konni cluster associated with Thallium, APT37, and possibly Kimsuky, while noting earlier use of CVE-2022-41128 in related activity. The report includes the sample hashes for the XLSX payload and warns that detection was limited at the time to a small number of Korean security products.

Indicators of Compromise

| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 39c97ca820f31e7903ccb190fee0203… | 2024-01-04 | 2024-01-22 |
| HASH | 28d25a4021536394fd890c4b6d9b5551 | 2024-01-04 | 2024-01-04 |
| HASH | 44365e0bcd77f1721d061dc03dd3c17… | 2024-01-04 | 2024-01-04 |
| URL | http://app.documentoffice.club/… | 2024-01-04 | 2024-01-04 |
| DOMAIN | app.documentoffice.club | 2024-01-04 | 2024-01-04 |
| DOMAIN | xkdgruop.com | 2024-01-04 | 2024-01-04 |
