LucidKnight (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.lucidknight (Back to overview)

LucidKnight

According to Cisco Talos, is a companion reconnaissance tool that exfiltrates system information via Gmail. Its presence alongside LucidRook suggests the actor operates a tiered toolkit, potentially using LucidKnight to profile targets before escalating to full stager deployment.

References

2026-04-07 ⋅ Talos Intelligence ⋅ Ashley Shen
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
LucidKnight LucidPawn LucidRook UAT-10362

There is no Yara-Signature yet.

LucidKnight Propose Change

References

LucidKnight