devman

184 tracked victims

·first seen 2023-06-07·last activity 2026-02-03

Group profile

Former RansomHub and INC Ransom affiliate.

MITRE ATT&CK TTPs

TA0001

Initial Access

T1078Valid Accounts
Use of valid credentials (malharbi) to access systems.
T1210Exploitation of Remote Services
Use of the MS17-010 (EternalBlue) exploit.

TA0002

Execution

T1059.001PowerShell
Execution of PowerShell commands to extract files.
T1203Exploitation for Client Execution
Command execution using MS17-010 via Metasploit.

TA0003

Persistence

T1078Valid Accounts
Maintaining access with created administrator account.

TA0004

Privilege Escalation

T1068Exploitation for Privilege Escalation
Escalation to SYSTEM privileges.

TA0005

Defense Evasion

T1036Masquerading
Use of an innocuous name for the ransomware payload (iamdidy.e).
T1562.001Disable or Modify Tools
No security tools detected on target systems.

TA0006

Credential Access

T1003OS Credential Dumping
Implied by acquisition and use of admin credentials.

TA0007

Discovery

T1018Remote System Discovery
Network mapping using CrackMapExec.
T1046Network Service Scanning
Scanning IP ranges and SMB services.
T1082System Information Discovery
Using tasklist and whoami to collect system info.

TA0008

Lateral Movement

T1021.002SMB/Windows Admin Shares
Lateral movement through SMB confirmed by CME.

TA0009

Collection

T1005Data from Local System
File extraction from local system using PowerShell.

TA0010

Exfiltration

T1041Exfiltration Over C2 Channel
Downloading files like notepad.exe via smbclient.

TA0040

Impact

T1486Data Encrypted for Impact
Encryption of files with .devman extension (changed at operator's request).
T1489Service Stop
Halting operations and rendering systems unavailable.
T1490Inhibit System Recovery
Disabling backups and system recovery.
T1491Defacement
Ransom notes (ransom.txt) deployed across infected systems.

Recent victims

showing 50 of 184

Date	Website / victim	Sector	Country
2026-02-03	Crystal Coast Pain Managementcrystalcoastpm.com	Healthcare	US
2026-02-02	ENCOMPASS-INCencompass-inc.com	Financial Services	US
2026-01-30	woodwardoralsurgery.comwoodwardoralsurgery.com	Healthcare	SJ
2026-01-30	wjnklaw.comwjnklaw.com	Not Found	US
2026-01-26	consultaegis.comconsultaegis.com	Public Sector	US
2026-01-28	Z zallc.orgzlc.o*g	Financial Services	US
2026-01-26	*vandenberg.com*vandenberg.com	Not Found	US
2026-01-28	ps.netps.net	Not Found	US
2026-01-28	tiw-group.comtiw-group.com	Technology	SJ
2026-01-28	Z zlc.ogzlc.og	Financial Services	US
2026-01-27	twi-group.comtwi-group.com	Transportation/Logistics	US
2026-01-26	cnltai.comcnltai.com	Public Sector	US
2026-01-25	cs.atcs.at	Financial Services	AT
2026-01-25	.at.at	Not Found	AT
2026-01-24	* ***crnemds.cm***crnemds.cm	Healthcare	SJ
2026-01-24	* **-grup.com	Not Found	SJ
2026-01-20	automax.comautomax.com	Consumer Services	IN
2026-01-20	Syrmasgssyrmasgs.com	Business Services	IN
2026-01-20	**msic.fi**msic.fi	Not Found	FI
2026-01-20	W www.****law.com	Financial Services	US
2026-01-21	*oms-.comoms-*.com	Not Found	US
2026-01-21	www.mims.comwww.mims.com	Healthcare	SN
2026-01-21	www.saundersandsaunders.comwww.saundersandsaunders.com	Not Found	US
2026-01-20	Tvgoianiatvgoiania.com.br	Consumer Services	BR
2026-01-12	klhindustries.comklhindustries.com	Manufacturing	US
2026-01-12	pronaca.compronaca.com	Agriculture and Food Production	SJ
2026-01-11	consigaz.com.brconsigaz.com.br	Energy	BR
2026-01-11	sealbeachca.govsealbeachca.gov	Public Sector	US
2026-01-11	sealbeachpd.comsealbeachpd.com	Public Sector	US
2026-01-11	*****mdial.com*****medical.com	Healthcare	US
2026-01-12	***tlcatpm.com***tlcatpm.com	Healthcare	SJ
2026-01-12	s*p.coms*p.com	Business Services	SJ
2025-12-25	Intonu.comIntonu.com	Financial Services	US
2025-12-27	oppornity*.orgoppornity*****.org	Healthcare	US
2025-12-27	J Jennings SDJennings SD	Financial Services	US
2025-12-28	sharinc.orgsharinc.org	Business Services	US
2025-12-25	kavi.fikavi.fi	Business Services	FI
2025-12-25	io.usio.us	Technology	US
2025-12-25	*indes.comind*es.com	Business Services	US
2025-12-18	Clínica Dáviladavila.cl	Healthcare	CL
2025-12-22	kv.fikv.fi	Business Services	FI
2025-12-19	transrocamar.comtransrocamar.com	Financial Services	ES
2025-12-22	British Holiday & Home Parks Association Ltdwww.bhhpa.org.uk	Hospitality and Tourism	UK
2025-12-19	C consult***.cconsult***.c	Financial Services	US
2025-12-19	ne-ain**e-ai.com	Technology	CN
2025-12-19	***soc**.com*soc****.com	Financial Services	ES
2025-12-17	Culinary Jet Conciergewww.culinaryjetconcierge.com	Hospitality and Tourism	FR
2025-12-16	beausejourco-op.crsbeausejourco-op.crs	Agriculture and Food Production	CA
2025-12-18	dv*.cldv***.cl	Healthcare	CL
2025-12-16	Axion50pluswww.axion50plus.org	Financial Services	CA