win.lucidrook

LucidRook


According to Cisco Talos, LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and execute staged Lua bytecode payloads.

References
2026-04-07 ⋅ Talos Intelligence ⋅ Ashley Shen
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
LucidKnight LucidPawn LucidRook UAT-10362

There is no Yara-Signature yet.