The Lazarus Group Strikes Again - Or is it an Imposter? The Latest CVE-2018-4878 Attack

2018-03-02 Morphisec

http://blog.morphisec.com/the-lazarus-group-strikes-again-or-is-it-an-imposter-the-latest-cve-2018-4878-attack

Morphisec analyzed a Word document named AGREEMENT.docx that exploited Flash vulnerability CVE-2018-4878 to execute code and download a DLL payload from a likely compromised domain. The exploit included both 32-bit and 64-bit implementations, unlike a prior campaign that used only a 32-bit variant. The payload and exploit shared several traits associated with past Lazarus activity, including string encryption, network protocol patterns, and Korean-language resource directory references, while the authors noted that weak obfuscation and missing validation could indicate deliberate false-flagging. The report is relevant because it documents active weaponization of CVE-2018-4878 with Lazarus-like tradecraft while explicitly cautioning against overconfident attribution.

Indicators of Compromise

Type  Value                             First Seen  Last Seen
HASH  41b541412154d9e7ce46f952e02dec70  2018-03-02  2018-03-02
