An email sent from a North Korean @star-co.net.kp address exposed how DPRK software developers market domestically built products to overseas commercial partners, distinct from the better-known fraudulent IT worker hiring schemes. The headers showed origin IP 175.45.178.55, an internal relay at 172.31.6.4, and timezone artifacts consistent with an operator working from China while using DPRK infrastructure. The attached catalog pitched Android APK hardening, anti-debugging and anti-emulator features, a web-controlled Android surveillance implant, and AI/computer-vision capabilities including facial recognition, license plate recognition, eye monitoring, people counting, and fire or smoke detection. The material targeted Middle Eastern and North African telecom intermediaries and matters because it shows a sanctions-relevant foreign-currency channel that blends commercial software export, surveillance tooling, and capabilities that could overlap with malicious operations.