LucidPawn (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.lucidpawn (Back to overview)

LucidPawn

According to Cisco Talos, LucidPawn is a dropper for LucidRook and LucidKnight. It uses region-specific anti-analysis checks and executes only in Traditional Chinese language environments associated with Taiwan.

References

2026-04-07 ⋅ Talos Intelligence ⋅ Ashley Shen
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
LucidKnight LucidPawn LucidRook UAT-10362

There is no Yara-Signature yet.

LucidPawn Propose Change

References

LucidPawn