{
  "name": "New Lua-based malware LucidRook observed in targeted attacks against Taiwanese organizations",
  "slug": "new-lua-based-malware-lucidrook-observed-in-targeted-attacks-against-taiwanese-organizations",
  "description": "Cisco Talos observed a spear-phishing attack against a Taiwanese NGO in October 2025 that delivered LucidRook, a newly identified stager. Metadata in the email suggests that the message was delivered via authorized mail infrastructure, which implies potential misuse of legitimate sending capabilities.",
  "published": "2026-04-08T13:48:46.671000+00:00",
  "created_at": "2026-04-08T17:01:48.683000+00:00",
  "modified_at": "2026-04-08T15:01:48+00:00",
  "created_at_opencti": "2026-04-08T17:01:48.683000+00:00",
  "author": "AlienVault",
  "confidence": 100,
  "report_types": [
    "threat-report"
  ],
  "labels": [
    "lucidknight",
    "lucidpawn",
    "lucidrook",
    "spearphishing",
    "taiwan"
  ],
  "tags": [
    "2026-04-08",
    "lucidknight",
    "lucidpawn",
    "lucidrook",
    "spearphishing",
    "taiwan"
  ],
  "related_entities": {
    "indicators": [
      {
        "id": "2e7a6cbf-9a66-4f55-888e-4549e44cf628",
        "name": "c2d983d3812b5b6d592b149d627b118db2debd33069efe4de4e57306ba42b5dc"
      },
      {
        "id": "ee866875-4f46-4c79-b9ee-a3ba109d8965",
        "name": "ab72813444207dba5429cf498c6ffbc69e1bd665d8007561d0973246fa7f8175"
      },
      {
        "id": "be6d5be1-b3e5-4ba5-b324-f684062d549a",
        "name": "fd11f419e4ac992e89cca48369e7d774b7b2e0d28d0b6a34f7ee0bc1d943c056"
      },
      {
        "id": "b583419e-f39d-4ec0-9992-c8d34bf578e3",
        "name": "59.124.71.242"
      },
      {
        "id": "d6135017-6980-4b53-ae65-f5dbba889cfb",
        "name": "f279e462253f130878ffac820f5a0f9ac92dd14ad2f1e4bd21062bab7b99b839"
      },
      {
        "id": "f0999f24-1245-4a98-8e90-2f40245e3744",
        "name": "6aba7b5a9b4f7ad4203f26f3fb539911369aeef502d43af23aa3646d91280ad9"
      },
      {
        "id": "c3364431-fff7-4710-a240-ee86ebd6ff0c",
        "name": "aa7a3e8b59b5495f6eebc19f0654b93bb01fd2fa2932458179a8ae85fb4b8ec1"
      },
      {
        "id": "9ed1f9ae-227d-4a92-88b2-2acd0766de24",
        "name": "852a80470536cb1fdab1a04d831923616bf00c77320a6b4656e80fc3cc722a66"
      },
      {
        "id": "c3c6d60e-3c98-4c77-9ab8-4757ee5cfad0",
        "name": "a42ad963c53f2e0794e7cd0c3632cc75b98f131c3ffceb8f2f740241c097214a"
      },
      {
        "id": "7c54d758-1b2b-4cdd-866a-1a6927c24fab",
        "name": "166791aac8b056af8029ab6bdeec5a2626ca3f3961fdf0337d24451cfccfc05d"
      },
      {
        "id": "0ff2c805-0f39-4afa-b52e-53bd9810b3a3",
        "name": "0305e89110744077d8db8618827351a03bce5b11ef5815a72c64eea009304a34"
      },
      {
        "id": "eae7e03b-176c-4932-9953-3bd67b573d74",
        "name": "d.2fcc7078.digimg.store"
      },
      {
        "id": "d1ecc733-90cd-43df-8fec-8e96b6221cbb",
        "name": "d49761cdbea170dd17255a958214db392dc7621198f95d5eb5749859c603100a"
      },
      {
        "id": "070af10e-99a6-47d4-afaa-3c0dd424b55f",
        "name": "7e851b73bd59088d60101109c9ebf7ef300971090c991b57393e4c793f5e2d33"
      },
      {
        "id": "18a3d9fb-b9b5-437e-b154-a72287e6b465",
        "name": "1.34.253.131"
      },
      {
        "id": "6051bd48-aeca-423b-bd57-bc7be91664d0",
        "name": "b480092d8e5f7ca6aebdeaae676ea09281d07fc8ccf2318da2fa1c01471b818d"
      },
      {
        "id": "acccd4b5-c7db-4098-9693-89f50463d8e6",
        "name": "adf676107a6c2354d1a484c2a08c36c33d276e355a65f77770ae1ae7b7c36143"
      },
      {
        "id": "da8ef7b3-4e07-4a16-bbb8-ef3b41c6e800",
        "name": "edb25fed9df8e9a517188f609b9d1a030682c701c01c0d1b5ce79cba9f7ac809"
      },
      {
        "id": "fadabe50-6358-4fb2-ac21-c5d351473c5b",
        "name": "powerscrews.com"
      },
      {
        "id": "8df8bf7b-e834-41cd-a887-05f96f8feb07",
        "name": "bdc5417ffba758b6d0a359b252ba047b59aacf1d217a8b664554256b5adb071d"
      },
      {
        "id": "94869d40-bf36-4f37-b956-e1a8aa7d81c0",
        "name": "d8bc6047fb3fd4f47b15b4058fa482690b5b72a5e3b3d324c21d7da4435c9964"
      },
      {
        "id": "fee37de3-59eb-4212-9108-d5223fe8122b",
        "name": "11ae897d79548b6b44da75f7ab335a0585f47886ce22b371f6d340968dbed9ae"
      }
    ],
    "attack_patterns": [
      {
        "id": "804630c7-dda3-49df-9ac4-70bd1ad83e06",
        "name": "T1192"
      }
    ],
    "malware": [
      {
        "id": "f5908aa9-caa4-4a70-b741-ea9756c0be94",
        "name": "LucidRook",
        "slug": "lucidrook"
      },
      {
        "id": "08c4fc45-8062-444e-9201-f3c33815482d",
        "name": "LucidKnight",
        "slug": "lucidknight"
      },
      {
        "id": "dc1ff151-0b17-49b8-99ee-b50584376471",
        "name": "LucidPawn",
        "slug": "lucidpawn"
      }
    ],
    "observables": [
      {
        "id": "501498e9-296e-498e-823c-4c9bc7aa0f3b",
        "name": "powerscrews.com"
      },
      {
        "id": "0382e0d7-58b7-4cb1-841f-7689cc25df45",
        "name": "d.2fcc7078.digimg.store"
      },
      {
        "id": "5f02687e-8b5d-49e5-a49d-09a417789221",
        "name": "59.124.71.242"
      },
      {
        "id": "83cd9839-1684-4acc-88c9-5af809a23ff6",
        "name": "1.34.253.131"
      },
      {
        "id": "",
        "name": "c2d983d3812b5b6d592b149d627b118db2debd33069efe4de4e57306ba42b5dc"
      },
      {
        "id": "",
        "name": "ab72813444207dba5429cf498c6ffbc69e1bd665d8007561d0973246fa7f8175"
      },
      {
        "id": "",
        "name": "fd11f419e4ac992e89cca48369e7d774b7b2e0d28d0b6a34f7ee0bc1d943c056"
      },
      {
        "id": "",
        "name": "f279e462253f130878ffac820f5a0f9ac92dd14ad2f1e4bd21062bab7b99b839"
      },
      {
        "id": "",
        "name": "6aba7b5a9b4f7ad4203f26f3fb539911369aeef502d43af23aa3646d91280ad9"
      },
      {
        "id": "",
        "name": "aa7a3e8b59b5495f6eebc19f0654b93bb01fd2fa2932458179a8ae85fb4b8ec1"
      },
      {
        "id": "",
        "name": "852a80470536cb1fdab1a04d831923616bf00c77320a6b4656e80fc3cc722a66"
      },
      {
        "id": "",
        "name": "a42ad963c53f2e0794e7cd0c3632cc75b98f131c3ffceb8f2f740241c097214a"
      },
      {
        "id": "",
        "name": "166791aac8b056af8029ab6bdeec5a2626ca3f3961fdf0337d24451cfccfc05d"
      },
      {
        "id": "",
        "name": "0305e89110744077d8db8618827351a03bce5b11ef5815a72c64eea009304a34"
      },
      {
        "id": "",
        "name": "d49761cdbea170dd17255a958214db392dc7621198f95d5eb5749859c603100a"
      },
      {
        "id": "",
        "name": "7e851b73bd59088d60101109c9ebf7ef300971090c991b57393e4c793f5e2d33"
      },
      {
        "id": "",
        "name": "b480092d8e5f7ca6aebdeaae676ea09281d07fc8ccf2318da2fa1c01471b818d"
      },
      {
        "id": "",
        "name": "adf676107a6c2354d1a484c2a08c36c33d276e355a65f77770ae1ae7b7c36143"
      },
      {
        "id": "",
        "name": "edb25fed9df8e9a517188f609b9d1a030682c701c01c0d1b5ce79cba9f7ac809"
      },
      {
        "id": "",
        "name": "bdc5417ffba758b6d0a359b252ba047b59aacf1d217a8b664554256b5adb071d"
      },
      {
        "id": "",
        "name": "d8bc6047fb3fd4f47b15b4058fa482690b5b72a5e3b3d324c21d7da4435c9964"
      },
      {
        "id": "",
        "name": "11ae897d79548b6b44da75f7ab335a0585f47886ce22b371f6d340968dbed9ae"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Taiwan"
      },
      {
        "id": "",
        "name": "Education"
      },
      {
        "id": "",
        "name": "Government"
      },
      {
        "id": "",
        "name": "d.2fcc7078.digimg.store"
      },
      {
        "id": "",
        "name": "powerscrews.com"
      }
    ]
  },
  "external_refs": [
    {
      "id": "4ccf45dc-244c-4d56-b7cc-ea743aeb22a3",
      "standard_id": "external-reference--03465f04-86c6-58cf-9ccb-ac8b04d22602",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://otx.alienvault.com/pulse/69d65cbe07a5f680cde16920",
      "hash": null,
      "external_id": "69d65cbe07a5f680cde16920",
      "created": "2026-04-08T17:01:48.579Z",
      "modified": "2026-04-08T17:01:48.579Z",
      "createdById": null
    },
    {
      "id": "b6a30397-65a4-4a6a-a8ef-88cfd3be943d",
      "standard_id": "external-reference--f57f4892-5479-5cec-a5ee-93afe7c88a38",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://blog.talosintelligence.com/new-lua-based-malware-lucidrook/",
      "hash": null,
      "external_id": null,
      "created": "2026-04-08T17:01:48.619Z",
      "modified": "2026-04-08T17:01:48.619Z",
      "createdById": null
    }
  ]
}