Introduction
DevMan is a ransomware variant first observed in April 2025. It is a customized derivative of the DragonForce family, leveraging attacker-operated infrastructure for double-extortion, where both data theft and encryption are employed to pressure victims. The threat is highly organized, targeting sectors such as technology, construction, public services, healthcare, and consumer services across Asia, Africa, and Europe.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.