North Korea and Iran Use CodeProject to Develop Their Malware

2017-10-10 Intezer

http://www.intezer.com/north-korea-iran-use-codeproject-develop-malware/


Intezer found that WannaCry and Joanap samples, which the report associates with North Korean activity, shared an encryption implementation that also appeared in Magic Hound malware. The shared code was traced to a 2002 CodeProject example, suggesting the overlap came from publicly available utility code rather than from a direct relationship between the malware authors. The report uses this case to show how nation-state malware developers reuse legitimate online code to reduce development effort. For defenders, the finding matters because even reuse of non-malicious code can create patterns useful for clustering samples, tracking future variants, and forcing attackers to rewrite their tooling.
