During [JSAC2021](https://jsac.jpcert.or.jp/archive/2021/en/index.html) on 28 January 2021, there was a presentation about an attack group LuoYu, which targets Korean and Japanese organisations since 2014 [1](https://blogs.jpcert.or.jp/en/2021/10/windealer.html#1)[2](https://blogs.jpcert.or.jp/en/2021/10/windealer.html#2). Recently, JPCERT/CC came across malware WinDealer used by this group. This article introduces some findings of our analysis https://blogs.jpcert.or.jp/en/2021/10/windealer.html