IOC Radar
TLP:WHITE1 IOC

Nation-State Actor’s Arsenal: An In-Depth Look at Lazarus’ ScoringMathTea

0M
0x0d4y Malware Research
Published November 17, 2025Original Report

Threat Actors

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYTA0005INFRASTRUCTUREunknownCAPABILITYCobalt StrikeVICTIMunknown
Adversary(1)
Infrastructure
Capability(1)
Victim

Attack Flow6 steps · MITRE ATT&CK mapped

ExecutionTA0002·T1204.002
1/6
Native API
ActionExecute RAT via CreateThread
The ScoringMathTea RAT, in DLL format, uses CreateThread to start a new thread that executes its main function.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise1

TypeIndicatorConfidenceScoreFirst Seen
SHA1d66ae38be618d0654d375986a41202b1441b5030
exploitfile-hashintel-blog
Medium
53
Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph1 total IOCs
SHA1
SHA11Actors1Malware1REPORTNation-State Actor’s ArsenTA0005Cobalt Strike
scroll to zoom · drag to pan · click IOC to open