Lazarus group’s scoringmathtea rat

Intel Name: Lazarus group’s scoringmathtea rat

Date of Scan: December 2, 2025

Impact: High

Summary:
ScoringMathTea is a newly uncovered C++ Remote Access Trojan used by North Korea’s Lazarus Group in a fresh phase of Operation DreamJob, targeting defense contractors supporting Ukraine to steal sensitive UAV technology. The RAT is notable for its extensive runtime evasion methods—such as stack strings, custom polyalphabetic decryption, API hashing, PEB walking, and reflective DLL injection—making it highly difficult to detect and analyze.

More Details