[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foE6rXzNw-VXbHWqgNA6W08CDe7Jb9WmJIzhrYFWGYhU":3},{"article":4,"iocs":45},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":25,"category":26,"article_tags":29},"45d90130-8a25-46c7-81c1-5ebf86c31201","\"On other hosts, the LB3.exe file was executed via the Explorer.exe process and spawned a subproc...","on-other-hosts-the-lb3-exe-file-was-executed-via-the-explorer-exe-process-and-sp-130262","\"On other hosts, the LB3.exe file was executed via the Explorer.exe process and spawned a subprocess with the -psex option, which was likely intended to trigger the ransomware’s ability to spread via a PsExec-style SMB spreader configurable...\"\n\nReport: https:\u002F\u002Ft.co\u002FMdbthjk2PA https:\u002F\u002Ft.co\u002F1ruuz3n5XK","A ransomware campaign leverages LB3.exe executed through Explorer.exe to establish persistence and spread laterally across networks using PsExec-style SMB propagation. The malware employs configurable options (-psex) to automate lateral movement, indicating a sophisticated attack targeting multiple hosts within victim environments.","LB3.exe ransomware spreads via Explorer.exe and PsExec-style SMB lateral movement.",null,"https:\u002F\u002Fx.com\u002FTheDFIRReport\u002Fstatus\u002F2057069340130697692","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIwtqbFXwAA4zc7.jpg","2026-05-20T12:02:03+00:00","2026-05-20T13:00:10.02427+00:00",7,[18,21,23],{"name":19,"type":20},"PsExec","technology",{"name":22,"type":20},"Explorer.exe",{"name":24,"type":20},"SMB","7d8b5ab8-ea0b-4ced-ae97-ec251b86993a",{"id":25,"icon":11,"name":27,"slug":28},"Ransomware","ransomware",[30,35,40],{"category":31},{"id":32,"icon":11,"name":33,"slug":34},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":36},{"id":37,"icon":11,"name":38,"slug":39},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",{"category":41},{"id":42,"icon":11,"name":43,"slug":44},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[46,49,53],{"type":34,"value":47,"context":48},"LB3.exe","Ransomware executable deployed via Explorer.exe with SMB lateral movement capability",{"type":50,"value":51,"context":52},"mitre_attack","T1021.002","SMB\u002FWindows Admin Shares lateral movement via PsExec-style spreader",{"type":50,"value":54,"context":55},"T1547.001","Persistence through Explorer.exe process execution"]