KadNap (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

elf.kadnap (Back to overview)

KadNap

According to Black Lotus Labs, KadNap primarily targets Asus routers, conscripting them into a botnet that proxies malicious traffic. It employs a custom version of the Kademlia Distributed Hash Table (DHT) protocol, which is used to conceal the IP address of their infrastructure within a peer-to-peer system to evade traditional network monitoring.

References

2026-03-10 ⋅ Lumen ⋅ Black Lotus Labs
Silence of the hops: The KadNap botnet
KadNap

There is no Yara-Signature yet.

KadNap Propose Change

References

KadNap