IoT devices, specifically TP-Link Archer AX21 (AX1800) routers.
Ensure your TP-Link Archer AX21 is updated to the latest firmware (at least version 1.1.4 Build 20230219) to patch the exploited vulnerability.
It primarily spreads via CVE-2023-1389 , an unauthenticated command injection and Remote Code Execution (RCE) flaw in the router's web management interface. Key Capabilities: CondiV3-KingOfZero.rar
Linked to the alias zxcr9999 on Telegram, who operates the "Condi Network" channel.
CondiV3-KingOfZero.rar appears to be a compressed archive containing source code or binaries for , a Mirai-based Distributed Denial-of-Service (DDoS) botnet. "KingOfZero" likely refers to the developer or distributor of this specific version. Malware Profile: Condi Botnet Key Capabilities: Linked to the alias zxcr9999 on
Use an Endpoint Detection and Response (EDR) solution like Microsoft Defender to protect against these threats.
The malware typically does not survive a system reboot. To counter this, it deletes system binaries (like /usr/sbin/reboot or /usr/bin/shutdown ) to prevent the user from restarting the device. Malware Profile: Condi Botnet Use an Endpoint Detection
Condi is a malware that allows users to either rent the botnet for attacks or purchase its source code to run their own operations.