DUBAI, DUBAI, UNITED ARAB EMIRATES, July 1, 2025 /EINPresswire.com/ -- ANY.RUN, a trusted provider of cybersecurity solutions, has published a new technical analysis revealing a ransomware variant that blends traits of DragonForce and Conti families with indicators of a newer actor known as DEVMAN.

DEVMAN: A New Threat Actor Targeting Enterprises

DEVMAN is a relatively new actor that has recently emerged under this name, featuring its own Dedicated Leak Site (DLS) called Devman’s Place, a separate infrastructure, and nearly 40 claimed victims, primarily in Asia and Africa, with occasional incidents in Latin America and Europe.

DEVMAN Ransomware: A Hybrid Threat

The analyzed sample, initially labeled as DragonForce by antivirus engines, was revealed to be a lightly modified build. It appends the “.DEVMAN” extension to encrypted files, scrambles filenames using a deterministic function, and, due to a builder flaw, encrypts its own ransom notes before victims can read them.

Key Findings of the DEVMAN Analysis Include:

· Local execution: No external C2 traffic was detected; all behavior is confined to the local system.

· SMB probing: The sample attempts to access hardcoded SMB shares such as ADMIN$.

· Conti-style persistence: The use of mutexes and the Windows Restart Manager mirrors tactics from Conti and DragonForce campaigns.

To explore the full technical breakdown and see how DEVMAN behaves inside the sandbox, visit the ANY.RUN blog.

About ANY.RUN

ANY.RUN offers a comprehensive suite of cybersecurity solutions, including their Interactive Sandbox and advanced Threat Intelligence services. Trusted by over 15,000 companies worldwide, ANY.RUN enables dynamic malware analysis across Windows, Linux, and Android systems.

In addition to sandboxing, ANY.RUN provides Threat Intelligence Lookup, Feeds, and YARA Search, helping security teams detect, investigate, and respond to threats with greater speed and accuracy.

