Devman

Compare

Parsing: enabled Known RaaS

Description

DevMan is a ransomware variant first observed in April 2025. It is a customized derivative of the DragonForce family, leveraging attacker-operated infrastructure for double-extortion, where both data theft and encryption are employed to pressure victims. The threat is highly organized, targeting sectors such as technology, construction, public services, healthcare, and consumer services across Asia, Africa, and Europe.

External Analysis4

External Analysis
https://medium.com/@anyrun/devman-ransomware-analysis-of-new-dragonforce-variant-ede707fd30b1
https://www.broadcom.com/support/security-center/protection-bulletin/devman-a-new-dragonforce-ransomware-variant
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/devman
https://www.hivepro.com/threat-advisory/devman-ransomware-is-a-new-derivative-of-the-dragonforce-family/

Tox1

Tox
9D97F166730F865F793E2EA07B173C742A6302879DE1B0BBB03817A5A04B572FBD82F984981D

Urls1

Url	Status	Screen	Uptime 30d	Health
http://qljmlmp4psnn3wqskkf3alqquatymo6hntficb4rhq5n76kuogcv7zyd.onion/	Down		0%

Activity (interactive) 49

Posts49

Date	Title	Screen
2025-06-07	NSSF KENYA(negotiation started) /nssf.zip - first samle /nssfwriteup.html - writeup
2025-06-02	DHL THAILAND
2025-05-31	lantro.com
2025-05-26	dmbarone.com
2025-05-26	Gobierno del Estado de Colima
2025-05-25	SAVE THIS PGP MESSAGE
2025-05-25	www.nijar.es
2025-05-23	www.paragonradiology.com
2025-05-23	netstar.co.za
2025-05-23	NSSF KENYA(negotiation started)
2025-05-19	NSSF KENYA
2025-05-19	TBD KOREA
2025-05-19	TBD HONK KONG
2025-05-19	TBD GREECE
2025-05-19	TOHO-CO
2025-05-19	TBD KENYA
2025-05-19	piriou.vn
2025-05-11	tvgoiania.com.br
2025-05-10	Pienaar Brothers (DevMan Ransomware)
2025-05-10	Victim from Japan
2025-05-09	dailynews.co.th (DevMan Ransomware)
2025-05-07	https://www.gmanetwork.com/news/(DevMan Ransomware)
2025-05-05	https://pestbusters.com.sg/
2025-05-02	smvthailand.com
2025-05-01	Chinese Healthcare Organisation (TBD)
2025-05-01	Singapour Factory
2025-05-01	South African IT firm (TBD)
2025-05-01	South African Hr company (TBD)
2025-05-01	dovesit.co.za (Ransomhub)
2025-04-25	EU victim (To be discoled)
2025-04-24	China Harbour (s) Engeneiring Company (Dragon Force Attack) FILE SAMPLE 1 avaliable /CHEC/
2025-04-20	Premier Meats South Africa(Only files where exflitrated)
2025-04-20	Feel Four (QILIN Attack)
2025-04-20	Singapour Victim (To be discoled)
2025-04-20	Honk Kong Victim (To be discoled)
2025-04-20	China Harbour (s) Engeneiring Company (Dragon Force Attack)
2025-04-13	FEELFOUR (QILIN)
2025-04-12	Company located in catalonia ES (Name - soon)
2025-04-12	Med institute (Name - soon)
2025-04-12	Prvate hospital (Name - soon)
2025-04-12	Bangkok Electronics Co., Ltd (QILIN)
2025-04-07	Tawasol (APOS Attack)	Screen
2025-04-07	Texas Construction Firm(QILIN)
2025-04-07	Optimax Technology(QILIN)
2025-04-07	Doumen.fr(QILIN)
2025-04-06	Dubai Company
2025-04-06	Texas Construction Firm
2025-04-06	Optimax Technology
2025-04-06	doumen.fr