"On other hosts, the LB3.exe file was executed via the Explorer.exe process and spawned a subproc...

Summary

A ransomware campaign leverages LB3.exe executed through Explorer.exe to establish persistence and spread laterally across networks using PsExec-style SMB propagation. The malware employs configurable options (-psex) to automate lateral movement, indicating a sophisticated attack targeting multiple hosts within victim environments.

Indicators of Compromise

• malware — LB3.exe
• mitre_attack — T1021.002
• mitre_attack — T1547.001

Entities