KV
KV botnet is a botnet referenced in reporting on Chinese state-backed activity. According to the provided content, JDY was first identified in 2023 during an investigation into the KV botnet. KV was used for covert data transfer, while JDY was used for scanning and reconnaissance. The content states that the U.S. government disrupted or took down the KV botnet, but JDY remained active afterward. KV is also listed among botnets that have faced law enforcement scrutiny since 2021. No additional high-confidence technical details, infection vectors, targeted device types, malware capabilities beyond covert data transfer, specific threat actors, or indicators of compromise are provided in the content.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A botnet used for covert data transfer, discussed in relation to the discovery of JDY.
Named as a botnet that has faced law enforcement scrutiny since 2021.
Referenced as a botnet that has faced law enforcement scrutiny/takedown activity since 2021.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.