LucidKnight

According to Cisco Talos, is a companion reconnaissance tool that exfiltrates system information via Gmail. Its presence alongside LucidRook suggests the actor operates a tiered toolkit, potentially using LucidKnight to profile targets before escalating to full stager deployment.

Family metadata imported from Malpedia (Fraunhofer FKIE).