coinbasecartel
Ransomware group profile
Description
Coinbase Cartel is a cyber-extortion group that emerged in September 2025. It relies on data exfiltration to extract ransom rather than on conventional ransomware tactics. The group partners with other cybercriminals and uses stolen credentials to penetrate target systems, often leaving victims unaware of the intrusion until the group demands payment. Its strategy emphasizes stealth and immediate financial gain through a unique extortion model that avoids significant operational disruption.
Key insights
- Coinbase Cartel specializes in data exfiltration for financial gain without encrypting files.
- They primarily use old infostealer credentials to access cloud environments and FTP servers.
- The group employs tactics like staged data leaks and a dedicated chat interface for ransom negotiations.
- Their operation is characterized by partnerships with cybercriminals and bids for zero-day exploits.
- Attacks are typically aimed at enterprise-level organizations across various sectors.
Threat Level & Status Breakdown
For coinbasecartel · Based on incidents in selected period
Recent activity
Monthly attack count for coinbasecartel in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for coinbasecartel
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for coinbasecartel
- T1036.005: Match Legitimate Resource Name or Location
- T1070.001: Clear Windows Event Logs
- T1562.001: Disable or Modify Tools
- T1018: Remote System Discovery
- T1083: File and Directory Discovery
- T1538: Cloud Service Dashboard
- T1059.004: Unix Shell
- T1059.006: Python
- T1204.002: Malicious File
- T1486: Data Encrypted for Impact
- T1657: Financial Theft
- T1098.003: Additional Cloud Roles
- T1136.001: Local Account
Victims (165)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Cambridge Mobile Telematics | — | US United States | Technology | Claimed | 1 day ago |
| Openmind networks | openmindnetworks.com | GB United Kingdom | Technology | Claimed | 4 days ago |
| Pragmatic Solutions | pragmatic.solutions | US United States | Professional Services | Claimed | 4 days ago |
| Zywave | zywave.com | US United States | Professional Services | Claimed | 19 days ago |
| Grafana | — | US United States | Technology | Claimed | 19 days ago |
| Buenos Aires Software | bas.com.ar | AR Argentina | Technology | Claimed | 21 days ago |
| Jozef Stefan Institute (IJS) | ijs.si | SI Slovenia | Education | Claimed | 23 days ago |
| Alpinion | alpinion.com | KR South Korea | Healthcare | Claimed | 23 days ago |
| Tab Service | tabservice.com | DE Germany | Professional Services | Claimed | 23 days ago |
| Cass information Systems | cassinfo.com | US United States | Professional Services | Claimed | 23 days ago |
| Kementerian Pertanian | pertanian.go.id | ID Indonesia | Government & Defense | Claimed | about 1 month ago |
| Sea Telecom Br | seatelecom.com.br | BR Brazil | Technology | Claimed | about 1 month ago |
| Precision Coating | precisioncoating.com | US United States | Manufacturing | Claimed | about 1 month ago |
| Integer Holdings | integer.net | US United States | Manufacturing | Claimed | about 1 month ago |
| Sanna Web | sanna.pe | PE Peru | Technology | Claimed | about 1 month ago |
| Peru LNG (Hunt LNG Operating Company) | perulng.com | PE Peru | Energy & Utilities | Claimed | about 1 month ago |
| Aptim | — | US United States | Professional Services | Claimed | about 1 month ago |
| SIG.biz | sig.biz | CH Switzerland | Manufacturing | Claimed | about 1 month ago |
| Commscope | commscope.com | US United States | Technology | Claimed | about 1 month ago |
| Playmates Toys | playmatestoys.com | HK Hong Kong | Manufacturing | Claimed | about 1 month ago |
Affected countries (45)
Countries where this group has been reported to target or leak victims.