Devman
Parsing : Enabled
Known to be a RaaS
Description
DevMan is a ransomware variant first observed in April 2025. It is a customized derivative of the DragonForce family, leveraging attacker-operated infrastructure for double-extortion, where both data theft and encryption are employed to pressure victims. The threat is highly organized, targeting sectors such as technology, construction, public services, healthcare, and consumer services across Asia, Africa, and Europe.
| External Analysis |
| https://medium.com/@anyrun/devman-ransomware-analysis-of-new-dragonforce-variant-ede707fd30b1 |
| https://www.broadcom.com/support/security-center/protection-bulletin/devman-a-new-dragonforce-ransomware-variant |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/devman |
| https://www.hivepro.com/threat-advisory/devman-ransomware-is-a-new-derivative-of-the-dragonforce-family/ |
| Tox |
| 9D97F166730F865F793E2EA07B173C742A6302879DE1B0BBB03817A5A04B572FBD82F984981D |
| Urls |
Screen |
| http://qljmlmp4psnn3wqskkf3alqquatymo6hntficb4rhq5n76kuogcv7zyd.onion/ |
Screen |
Posts
| Date |
Title |
Description |
Screen |
| 2025-06-07 |
NSSF KENYA(negotiation started) /nssf.zip - first samle /nssfwriteup.html - writeup |
|
|
| 2025-06-02 |
DHL THAILAND |
|
|
| 2025-05-31 |
lantro.com |
|
|
| 2025-05-26 |
dmbarone.com |
|
|
| 2025-05-26 |
Gobierno del Estado de Colima |
|
|
| 2025-05-25 |
SAVE THIS PGP MESSAGE |
|
|
| 2025-05-25 |
www.nijar.es |
|
|
| 2025-05-23 |
www.paragonradiology.com |
|
|
| 2025-05-23 |
netstar.co.za |
|
|
| 2025-05-23 |
NSSF KENYA(negotiation started) |
|
|
| 2025-05-19 |
NSSF KENYA |
|
|
| 2025-05-19 |
TBD KOREA |
|
|
| 2025-05-19 |
TBD HONK KONG |
|
|
| 2025-05-19 |
TBD GREECE |
|
|
| 2025-05-19 |
TOHO-CO |
|
|
| 2025-05-19 |
TBD KENYA |
|
|
| 2025-05-19 |
piriou.vn |
|
|
| 2025-05-11 |
tvgoiania.com.br |
|
|
| 2025-05-10 |
Pienaar Brothers (DevMan Ransomware) |
|
|
| 2025-05-10 |
Victim from Japan |
|
|
| 2025-05-09 |
dailynews.co.th (DevMan Ransomware) |
|
|
| 2025-05-07 |
https://www.gmanetwork.com/news/(DevMan Ransomware) |
|
|
| 2025-05-05 |
https://pestbusters.com.sg/ |
|
|
| 2025-05-02 |
smvthailand.com |
|
|
| 2025-05-01 |
Chinese Healthcare Organisation (TBD) |
|
|
| 2025-05-01 |
Singapour Factory |
|
|
| 2025-05-01 |
South African IT firm (TBD) |
|
|
| 2025-05-01 |
South African Hr company (TBD) |
|
|
| 2025-05-01 |
dovesit.co.za (Ransomhub) |
|
|
| 2025-04-25 |
EU victim (To be discoled) |
|
|
| 2025-04-24 |
China Harbour (s) Engeneiring Company (Dragon Force Attack) FILE SAMPLE 1 avaliable /CHEC/ |
|
|
| 2025-04-20 |
Premier Meats South Africa(Only files where exflitrated) |
|
|
| 2025-04-20 |
Feel Four (QILIN Attack) |
|
|
| 2025-04-20 |
Singapour Victim (To be discoled) |
|
|
| 2025-04-20 |
Honk Kong Victim (To be discoled) |
|
|
| 2025-04-20 |
China Harbour (s) Engeneiring Company (Dragon Force Attack) |
|
|
| 2025-04-13 |
FEELFOUR (QILIN) |
|
|
| 2025-04-12 |
Company located in catalonia ES (Name - soon) |
|
|
| 2025-04-12 |
Med institute (Name - soon) |
|
|
| 2025-04-12 |
Prvate hospital (Name - soon) |
|
|
| 2025-04-12 |
Bangkok Electronics Co., Ltd (QILIN) |
|
|
| 2025-04-07 |
Tawasol (APOS Attack) |
|
Screen |
| 2025-04-07 |
Texas Construction Firm(QILIN) |
|
|
| 2025-04-07 |
Optimax Technology(QILIN) |
|
|
| 2025-04-07 |
Doumen.fr(QILIN) |
|
|
| 2025-04-06 |
Dubai Company |
|
|
| 2025-04-06 |
Texas Construction Firm |
|
|
| 2025-04-06 |
Optimax Technology |
|
|
| 2025-04-06 |
doumen.fr |
|
|