Connected cars offer safety and efficiency both for individuals as well as for fleets of vehicles, companies and public transportation. However, equipping vehicles with information and communication technologies also raises privacy and security concerns, which significantly threaten the user's data and life. Using a bot malware, a hacker may compromise a vehicle and control it remotely, for instance he can disable breaks or start the engine remotely. In this paper, besides in-vehicle attacks existing in the literature, we consider new zero-day bot malware attacks specific to vehicular context, WSMP-Flood and Geo-WSMP Flood. Then, we propose AntibotV, a multilevel behaviour-based framework for vehicular botnets detection in vehicular networks. The proposed framework combines two main modules for attacks detection, the first one monitors the vehicles activity at the network level, whereas the second one monitors the in-vehicle activity. The two intrusion detection modules have been trained on historical network and in-vehicle communication using decision tree algorithms. The experimental results showed that the proposed framework outperforms existing solutions, it achieves a detection rate higher than 97% and a false positive rate lower than 0.14%.