MBR Wiper Attacks Strike Korean Power Plant
2014-12-23 • Trend Micro
Trend Micro analyzed TROJ_WHAIM.A, a destructive MBR wiper used against a Korean power-plant target and believed to have reached systems partly through malicious Hangul Word Processor files delivered with social-engineering lures. The malware checked whether the system time had reached December 10, 2014 at 11:00 AM before setting a registry value that triggered MBR infection, giving it a time-bomb routine similar to earlier South Korean wiper incidents. It overwrote the MBR with a repeated “Who Am I?” string, overwrote selected file types, and installed itself as a service using names and descriptions copied from legitimate Windows services to reduce suspicion. The article notes public demands tied to KHNP document leaks and nuclear-plant shutdown threats, while cautioning that behavioral similarities to other wiper attacks do not prove shared attribution.
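The MBR overwrite described above leaves artifacts that can be checked on a saved copy of sector 0. The following triage check is an added example, not code from Trend Micro or the original article. It assumes the marker is stored as ASCII and fills the whole sector, which the summary does not specify, and both sample sectors are constructed.

```python
from typing import Optional

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
PT_OFFSET, PT_ENTRY, PT_COUNT = 446, 16, 4


def smallest_period(data: bytes, max_period: int = 64) -> Optional[int]:
    """Shortest p <= max_period where data is its first p bytes repeated."""
    for p in range(1, max_period + 1):
        if all(data[i] == data[i - p] for i in range(p, len(data))):
            return p
    return None


def triage_mbr(sector: bytes, marker: bytes = b"Who Am I?") -> dict:
    """Score one sector-0 image for signs of a pattern overwrite."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    # A partition entry's first byte must be 0x00 (inactive) or 0x80 (active).
    bad_status = sum(
        sector[PT_OFFSET + i * PT_ENTRY] not in (0x00, 0x80)
        for i in range(PT_COUNT)
    )
    result = {
        "boot_signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "bad_partition_status_bytes": bad_status,
        "marker_count": sector.count(marker),
        "repeating_period": smallest_period(sector),
    }
    # A whole-sector repeat (including an all-zero sector, period 1) or a
    # repeated marker with no boot signature means the boot code is gone.
    result["likely_overwritten"] = result["repeating_period"] is not None or (
        result["marker_count"] >= 2 and not result["boot_signature_ok"]
    )
    return result


# Constructed samples (not real disk images).
HEALTHY_SAMPLE = (
    bytes(range(256)) + bytes(range(190))                # stand-in boot code
    + bytes.fromhex("8020210007feffff0008000000001000")  # one active entry
    + bytes(48) + BOOT_SIGNATURE
)
WIPED_SAMPLE = (b"Who Am I?" * 57)[:SECTOR_SIZE]         # assumed ASCII fill

if __name__ == "__main__":
    for name, img in (("healthy", HEALTHY_SAMPLE), ("wiped", WIPED_SAMPLE)):
        print(name, triage_mbr(img))
```

Run it against the first 512 bytes of a forensic disk image rather than a live disk, and treat a positive result as a prompt for full analysis, not as attribution.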