North Korean Trojan: SHARPKNOT

2018-03-28 USCISA

https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf

DHS and FBI attributed SHARPKNOT to HIDDEN COBRA, the U.S. government's label for North Korean state cyber activity. The MAR analyzes a 32-bit Windows executable that must be launched with a command-line argument, disables selected Windows services, overwrites the MBR, and recursively wipes files on local, mapped network, and attached drives by nulling, renaming, and deleting them. The advisory includes hashes, YARA rules, and mitigation guidance so defenders can detect and prioritize destructive SHARPKNOT activity.
