Skip to main content

Operator dossier

Bashe is a ransomware operator currently active on public leak sites. Auto-discovered from ransomware tracking sources

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Active ransomware operator

All groups

Bashe

0 victims indexed · last activity 1 year ago

0
Victims indexed
Active period
Countries hit

At a glance

Status
active
First seen
Last activity
1 year ago
Onion sites
5 known endpoints

About

Auto-discovered from ransomware tracking sources

Recent victims

Loading…

Onion infrastructure

5 known
  • http://bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion
  • http://basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
  • http://bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion
  • http://basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion
  • http://basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion

Source

Updated 1 year ago

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.

Get alerted the next time Bashe posts a victim.

Add Bashe to your watchlist — Pro pings you within 5 minutes of any new Bashe leak-site post, Telegram callout, or affiliate-rebrand inference.