MAR-10271944-2.v1 – North Korean Trojan: ARTFULPIE
2020-02-14 • USCISA
CISA, FBI, and DoD analyzed ARTFULPIE as a North Korean government-linked Trojan variant associated with HIDDEN COBRA activity. The implant functions as a downloader and in-memory loader, retrieving a DLL from a hardcoded URL and manually loading it into its own address space. The report highlights the sample hash, the hardcoded download path at 193.56.28.103:88/xampp/thinkmeter.dll, and the user-agent used during retrieval. The advisory provides defensive context for prioritizing detection and mitigation of DPRK-linked malware without relying on long IOC lists.