Coinbase Cartel
Ransomware group profile
Description
Coinbase Cartel is a cyber-extortion group that emerged in September 2025. It extorts victims through data exfiltration rather than conventional ransomware tactics. The group partners with other cybercriminals and uses stolen credentials to penetrate target systems, often leaving victims unaware of the intrusion until the group demands payment. Its strategy emphasizes stealth and immediate financial gain through a unique extortion model that causes no significant operational disruption.
Key insights
- Coinbase Cartel specializes in data exfiltration for financial gain without encrypting files.
- They primarily use old infostealer credentials to access cloud environments and FTP servers.
- The group employs tactics like staged data leaks and a dedicated chat interface for ransom negotiations.
- Their operation is characterized by partnerships with cybercriminals and bids for zero-day exploits.
- Attacks are typically aimed at enterprise-level organizations across various sectors.
Intelligence
IOCs, YARA/Sigma rules, and related families for coinbase cartel
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for coinbase cartel
- T1078
- T1486
- T1203
- T1562
- T1021
- T1046
- T1592
- T1040
- T1027
- T1080
- T1059
- T1068
Victims (169)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Demand.io | — | — | Professional Services | Claimed | 7 days ago |
| Demand.io | — | — | Technology | Claimed | 14 days ago |
| Cambridge Mobile Telematics | — | — | Technology | Claimed | 17 days ago |
| Cognizant | — | US United States | Technology | Claimed | 28 days ago |
| Openmind networks | — | — | Technology | Claimed | 29 days ago |
| Pragmatic Solutions | — | — | Hospitality | Claimed | 29 days ago |
| Panasonic Aero | — | — | Technology | Claimed | 29 days ago |
| Zywave | — | — | Professional Services | Claimed | about 1 month ago |
| Grafana | — | US United States | Technology | Claimed | about 1 month ago |
| Buenos Aires Software | — | AR Argentina | Technology | Claimed | about 1 month ago |
| Jozef Stefan Institute (IJS) | — | — | Education | Claimed | about 1 month ago |
| Alpinion | — | — | Healthcare | Claimed | about 1 month ago |
| Tab Service | — | — | Professional Services | Claimed | about 1 month ago |
| Cass information Systems | — | US United States | Professional Services | Claimed | about 1 month ago |
| Sanna Web | — | PE Peru | Technology | Claimed | about 2 months ago |
| Peru LNG (Hunt LNG Operating Company) | — | PE Peru | Energy & Utilities | Claimed | about 2 months ago |
| Aptim | — | US United States | Professional Services | Claimed | about 2 months ago |
| Kementerian Pertanian | — | ID Indonesia | Government & Defense | Claimed | about 2 months ago |
| Sea Telecom Br | — | BR Brazil | Technology | Claimed | about 2 months ago |
| Precision Coating | — | US United States | Manufacturing | Claimed | about 2 months ago |
Affected countries (49)
Countries where this group has been reported to target or leak victims.