KimJongRAT, first identified in 2013, now appears in two variants: a Portable Executable (PE) and a PowerShell version. Both are triggered via a malicious LNK file that fetches droppers from a CDN. The PE dropper delivers a loader, decoy PDF, and text file, while the PowerShell variant unpacks a PDF and ZIP archive containing the stealer and keylogger....