Coinbase Cartel
Ransomware group profile
Description
Coinbase Cartel is a cyber-extortion group that emerged in September 2025. It relies on data exfiltration to extort ransom rather than on conventional ransomware tactics. The group partners with other cybercriminals and uses stolen credentials to penetrate target systems, and victims are often unaware of the intrusion until the group demands payment. Its strategy emphasizes stealth and immediate financial gain through a unique extortion model that avoids significant operational disruption.
Key insights
- Coinbase Cartel specializes in data exfiltration for financial gain without encrypting files.
- They primarily use old infostealer credentials to access cloud environments and FTP servers.
- The group employs tactics like staged data leaks and a dedicated chat interface for ransom negotiations.
- Their operation is characterized by partnerships with cybercriminals and bids for zero-day exploits.
- Attacks are typically aimed at enterprise-level organizations across various sectors.
Intelligence
IOCs, YARA/Sigma rules, and related families for Coinbase Cartel
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for Coinbase Cartel
- T1078
- T1486
- T1203
- T1562
- T1021
- T1046
- T1592
- T1040
- T1027
- T1080
- T1059
- T1068
Victims (167)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Cambridge Mobile Telematics | — | — | Technology | Claimed | 1 day ago |
| Cognizant | — | US United States | Technology | Claimed | 12 days ago |
| Openmind networks | — | — | Technology | Claimed | 13 days ago |
| Pragmatic Solutions | — | — | Hospitality | Claimed | 13 days ago |
| Panasonic Aero | — | — | Technology | Claimed | 13 days ago |
| Zywave | — | — | Professional Services | Claimed | 19 days ago |
| Grafana | — | US United States | Technology | Claimed | 19 days ago |
| Buenos Aires Software | — | AR Argentina | Technology | Claimed | 21 days ago |
| Jozef Stefan Institute (IJS) | — | — | Education | Claimed | 23 days ago |
| Alpinion | — | — | Healthcare | Claimed | 23 days ago |
| Tab Service | — | — | Professional Services | Claimed | 23 days ago |
| Cass information Systems | — | US United States | Professional Services | Claimed | 23 days ago |
| Sanna Web | — | PE Peru | Technology | Claimed | about 1 month ago |
| Peru LNG (Hunt LNG Operating Company) | — | PE Peru | Energy & Utilities | Claimed | about 1 month ago |
| Aptim | — | US United States | Professional Services | Claimed | about 1 month ago |
| Kementerian Pertanian | — | ID Indonesia | Government & Defense | Claimed | about 1 month ago |
| Sea Telecom Br | — | BR Brazil | Technology | Claimed | about 1 month ago |
| Precision Coating | — | US United States | Manufacturing | Claimed | about 1 month ago |
| Integer Holdings | — | US United States | Manufacturing | Claimed | about 1 month ago |
| SIG.biz | — | CH Switzerland | Manufacturing | Claimed | about 1 month ago |
Affected countries (45)
Countries where this group has been reported to target or leak victims.