TTP Tuesday: APT38 - DarkSeoul
2022-05-18 • Prelude
Prelude released an APT38-themed emulation chain based on the Castov malware that DarkSeoul used against South Korean financial-industry and government targets. The cited excerpt describes Castov as a downloader for second-stage malware, including payloads hidden in JPG files and additional downloads over Tor that led to DDoS malware. The chain simulates Castov-style downloader and packer behavior through CastOff, including HTTP retrieval of packed JPG files and unpacking them to extract a second-stage agent. It also introduces CastOut, a destructive MBR wiper inspired by DarkSeoul wiper behavior that overwrites disk structures and reboots the host into an unrecoverable state.
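A defender-side check for the technique the chain emulates (a second-stage payload hidden in a JPG file): this added Python example, which is not Prelude's or Castov's code, walks a JPEG's marker segments to the EOI marker and reports any appended trailer together with its byte entropy, since packed data tends to look random. The minimal sample image, its scan bytes and the helper names are all constructed here.

```python
import math
from collections import Counter
def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: packed or encrypted data trends toward 8.0, padding toward 0.0."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0
def find_jpeg_eoi(data: bytes):
    """Walk the marker segments; return (offset of EOI marker, bytes after it) or None."""
    if data[:2] != b"\xff\xd8":            # a JPEG must start with SOI
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:              # lost sync: every marker starts with 0xFF
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte ahead of a marker
            pos += 1
            continue
        if marker == 0xD9:                 # EOI: anything after it is appended data
            return pos, data[pos + 2:]
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                       # standalone markers carry no length field
            continue
        if pos + 4 > len(data):
            return None
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")   # includes the 2 length bytes
        pos += 2 + seg_len
        if marker == 0xDA:                 # SOS: skip entropy-coded data (FF00 stuffing, RSTn) to the next real marker
            while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] == 0x00
                                           or 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
    return None
def inspect_jpeg(data: bytes) -> dict:
    """Report how many bytes follow EOI and how random they look."""
    found = find_jpeg_eoi(data)
    if found is None:
        return {"valid_jpeg": False}
    eoi, trailer = found
    return {"valid_jpeg": True, "trailer_offset": eoi + 2, "trailer_len": len(trailer),
            "trailer_entropy": round(shannon_entropy(trailer), 3)}
def build_sample(trailer: bytes) -> bytes:
    """Constructed minimal JPEG skeleton (SOI, APP0, SOS, stuffed scan data, EOI) plus a trailer."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"      # contains FF00 stuffing and an RST0 marker
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + trailer
if __name__ == "__main__":
    print(inspect_jpeg(build_sample(b"ABCD" * 4)))   # constructed 16-byte "packed" trailer
```

A non-zero trailer on an image fetched by a process that has no business downloading images is the detection signal; the entropy figure helps triage whether the trailer is a harmless metadata blob or packed code.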