Condi

Malware updated 12 days ago (2024-10-17T13:01:07.544Z)
Download STIX
Preview STIX
The Condi botnet, a form of malware, has been identified as a significant threat to unpatched TP-Link devices. The malware is recognized by the string "condi" and upon execution, sends numerous DNS queries to "trcpay[.]xyz." The botnet first attempts to resolve the Command and Control (C2) server address and function. In addition to this, it has been noted for exploiting the vulnerability CVE-2023-1389 to gain control over devices and execute its malicious activities. This flaw was previously exploited by another botnet known as Mirai Variant - JenX. FortiGuard Labs' analysis in 2023 revealed that the Condi botnet, along with another called Unstable, were utilizing cloud storage and computing services operators to distribute malware payloads and updates to a wide range of devices. FortiGuard had previously disclosed the spread of the Condi DDoS botnet via TP-Link's CVE-2023-1389. Both Condi and Unstable have been under scrutiny for their ability to exploit these vulnerabilities and conduct distributed denial-of-service (DDoS) attacks. A threat actor began advertising the Condi botnet through a "Condi Network" Telegram channel launched in May 2022. The actor monetized the service by offering DDoS attacks and selling the source code for the botnet itself. Furthermore, Fortinet reported in 2023 a DDoS-for-hire service selling website disruptions using Condi, which is also a variant of the Mirai botnet. These developments highlight the increasing sophistication and commercialization of such cyber threats.
Description last updated: 2024-10-17T12:15:42.679Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Exploit
Fortiguard
Ddos
Malware
Telegram
Ddos Botnet
Tp
Vulnerability
Denial of Se...
denial-of-se...
Android
exploitation
Bot
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Mirai Malware is associated with Condi. Mirai is a type of malware that specifically targets Internet of Things (IoT) devices to create a botnet, which can then be used for various malicious activities. The Mirai botnet had a significant impact in early 2022, accounting for over 7 million botnet detections globally. However, there was a 9is related to
5
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-1389 Vulnerability is associated with Condi. CVE-2023-1389 is a command injection vulnerability discovered in TP-Link Archer AX21 routers. This flaw in software design or implementation was publicly released in March of the year 2023 and has since been exploited by various malicious actors. Attack traffic through the vulnerable routers has beeUnspecified
5
Source Document References
Information about the Condi Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
2 months ago
Fortinet
2 months ago
InfoSecurity-magazine
4 months ago
Fortinet
4 months ago
BankInfoSecurity
6 months ago
DARKReading
6 months ago
Fortinet
6 months ago
Fortinet
7 months ago
SANS ISC
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago