
"LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and execute staged Lua bytecode payloads."
"The entire sequence is listed below - LNK-based infection chain... EXE-based infection chain..."
"A 64-bit Windows DLL, LucidRook, is heavily obfuscated to deter analysis and detection. Its functionality is two-pronged: it collects system information and exfiltrates it to an external server."
UAT-10362 is a newly identified threat cluster linked to spear-phishing attacks on Taiwanese NGOs and universities. The malware, LucidRook, is a sophisticated stager that utilizes a Lua interpreter and Rust-compiled libraries. The attack employs RAR or 7-Zip archives to deliver a dropper named LucidPawn, which launches LucidRook through DLL side-loading. Two infection chains exist: one using a Windows Shortcut file and another masquerading as a Trend Micro antivirus program. LucidRook is designed to collect system information and exfiltrate it while receiving encrypted payloads for execution.
Read at The Hacker News