Devman / Devman 2.0 | Parent: ransomhub
| Active | RaaS
Former RansomHub and INC Ransom affiliate.
Victims
187
First Discovered
2025-04-06
victim
Last Discovered
2026-02-04
victim
Inactive Since
57
days
Avg Delay
27.2
days
Infostealer
20.5%
victims with domain
Known Locations (3)
Target (Available)
Top 5 Activity Sectors
- Technology 25
- Healthcare 20
- Public Sector 12
- Construction 7
- Agriculture and Food Production 6
Top 5 Countries
-
United States
39
-
France
9
-
Taiwan, Province of China
7
-
Svalbard and Jan Mayen
7
-
Thailand
6
Heatmap (Available)
Ransom Notes (1)
Tools Used (Not Available)
No tools used available.
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (11)
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|
| Exploitation of Remote Services | PowerShell | Valid Accounts | Exploitation for Privilege Escalation | Masquerading | OS Credential Dumping | Remote System Discovery | SMB/Windows Admin Shares | Data from Local System | Exfiltration Over C2 Channel | Data Encrypted for Impact |
| Valid Accounts | Exploitation for Client Execution | Disable or Modify Tools | Network Service Scanning | Inhibit System Recovery | ||||||
| System Information Discovery | Service Stop | |||||||||
| Defacement |
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (5)
IP
3
TOX
1
TWITTER
1
| Type | IOC |
|---|---|
ip
|
83.217.209.210
|
ip
|
38.132.122.213
|
ip
|
38.132.122.214
|
tox
|
9D97F166730F865F793E2EA07B173C742A6302879DE1B0BBB03817A5A04B572FBD82F984981D
|
twitter
|
@Inifintyink
|
Victims (187)
The data contains materials of national security including BIO laboratory facilities blue prints, an…
[AI generated] TIW Group is a specialist software firm with over 30 years of experience in developin…
[AI generated] TWI Group is a specialized freight forwarder and logistics provider that primarily fo…
The data contains materials of national security including BIO laboratory facilities blue prints, an…
[AI generated] AutoMax.com is a leading used car dealership group in the US. Known for its wide rang…
[AI generated] Mims.com is an online resource for medical professionals used mainly in Asia-Pacific …
[AI generated] Consigaz is a Brazilian company that specializes in the distribution of Liquefied Pet…
data theft, evidence, officers personal information police reports, DEA open cases information…
Patients' full records, HIV test results, IDs.
Throughout a long waiting period, and despite a vast…
[AI generated] Hopital La Rabta is a major hospital located in Tunis, Tunisia. It provides a wide ar…
