The Reveal Platform
Intel Name: Grixba malware reconnaissance activity
Date of Scan: November 28, 2025
Impact: High
Summary: Detects the use of the Grixba reconnaissance tool through characteristic command-line patterns. Grixba, employed by the Play ransomware group, supports pre-attack operations such as network scanning, data collection, and clearing of event logs.
