Malware
ScoringMathTea
According to ESET Research, ScoringMathTea is a RAT that offers the attackers full control over the compromised machine.
According to ESET Research, ScoringMathTea is a RAT that offers the attackers full control over the compromised machine. Its first appearance dates to late 2022, when its dropper was uploaded to VirusTotal. Soon after, it was seen in the wild, and since then in multiple attacks attributed to Lazarus’ Operation DreamJob campaigns, which makes it the attacker’s payload of choice for already three years. It uses compromised servers for C&C communication, with the server part usually stored under the WordPress folder containing design templates or plugins.
Family metadata imported from Malpedia (Fraunhofer FKIE).