APT / THREAT GROUP
Kimwolf
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
KIMWOLF is an android based malware which uses compromised systems to relay malicious and abusive Internet traffic, as well as participating in distributed denial-of-service (DDoS). KIMWOLF primarily infects unofficial Android-TV set-top boxes and digital photo frames. The malware has frequently been noted to achieve infection spread via abusing Android Debug Bridge (ADB) and residential proxies. There are multiple reports suggesting a connection to the Aisuru botnet, with Kimwolf acting as the Android variant.
Threat Analysis
Kimwolf is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Kimwolf
Canadian man arrested, charged for running KimWolf DDos botnet
The Record· May 22, 2026
Canadian Man Arrested for Operating Kimwolf Botnet
SecurityWeek· May 22, 2026
US and Canada arrest and charge suspected Kimwolf botnet admin
BleepingComputer· May 22, 2026
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The Hacker News· May 22, 2026
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Krebs on Security· May 21, 2026
US seizes domains and infrastructure used in sprawling botnet campaigns
The Record· Mar 20, 2026
International joint action disrupts world’s largest DDoS botnets
BleepingComputer· Mar 20, 2026
Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation
SecurityWeek· Mar 20, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
Kimwolfapk.kimwolf
External Intelligence
Malpedia: apk.kimwolfResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.