Grixba (3ff9e020-8a7a-4c6f-a607-117ce9e436c5)

Grixba is a tool used by Play Ransomware operators to scan victim networks for information discovery purposes. Grixba compiles and saves collected information into CSV files, which are then compressed with WinRAR and exfiltrated to threat actors. [Symantec Play Ransomware April 19 2023]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Play (60f686d0-ae3d-5662-af32-119217dee2a7) | Tidal Groups | Grixba (3ff9e020-8a7a-4c6f-a607-117ce9e436c5) | Tidal Software | 1 |
| Grixba (3ff9e020-8a7a-4c6f-a607-117ce9e436c5) | Tidal Software | Play Ransomware Actors (Deprecated) (6eb50f82-86cc-4eff-b1d1-66e1c6fd74f3) | Tidal Groups | 1 |