Labyrinth Chollima APT Adversary Simulation

2025-02-16 S3N4T0R

https://medium.com/@S3N4T0R/labyrinth-chollima-apt-adversary-simulation-b4f6a79bb68f

The article presents an adversary simulation based on Labyrinth Chollima activity that targets people in the energy and aerospace sectors with job-description lures. The simulated chain uses a password-protected ZIP containing an encrypted PDF and a trojanized SumatraPDF viewer, mirroring reporting that victims were instructed to open the lure with the bundled application. A modified DLL loaded by SumatraPDF decrypts and displays the job document while loading the MISTPEN payload in memory. The simulation also describes a BURNBOOK launcher in a modified DLL, a network connectivity check against google.com, and the use of a BEAR-C2 listener to receive the backdoor connection and support exfiltration.

Indicators of Compromise

Type    Value                                First Seen   Last Seen
URL     https://sumatra-pdf-portable.en…     2025-02-16   2025-02-16
DOMAIN  sumatra-pdf-portable.en.uptodow…     2025-02-16   2025-02-16

Related Actors

Related Reports
