HoneyMire Hub

Attack #170809 ssh

Captured 2026-06-16 03:27:51Z by Ka on honeypot FR1 ⬜ docker-edge · firmware 0.1.0.

Session recording

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in.

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
uname=$(uname -s -v -n -m 2>/dev/null)
arch=$(uname -m 2>/dev/null)
uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1)
cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1)
cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' )
gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50)
cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1)
ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1)
last_output=$(last 2>/dev/null | head -n 10)
echo "UNAME:$uname"
echo "ARCH:$arch"
echo "UPTIME:$uptime"
echo "CPUS:$cpus"
echo "CPU_MODEL:$cpu_model"
echo "GPU:$gpu_info"
echo "CAT_HELP:$cat_help"
echo "LS_HELP:$ls_help"
echo "LAST:$last_output"
cat: /home/guest/sed:: No such file or directory
cat: /home/guest/command: No such file or directory
cat: /home/guest/not: No such file or directory
cat: /home/guest/found: No such file or directory
cat: /home/guest/awk:: No such file or directory
cat: /home/guest/command: No such file or directory
cat: /home/guest/not: No such file or directory
cat: /home/guest/found: No such file or directory
-bash: print: command not found
-bash: null) | awk NF{print: command not found
-bash: null | head -n50)
cat_help=-bash: tr: command not found || cat --help 2>&1)
ls_help=-bash: tr: c: command not found

Credentials

Username: guest

Password: 1234567

1 login attempt(s) before disconnect.

Geolocation hub-resolved

🇧🇬Bulgaria · Varna · Varna

BULLETGROUP · 43.18,27.90

Network: unknown · BULLETGROUP · geoip · low confidence

Behavioral classification

🤖 55% confidence

Automated tool, unknown family — uniform timing but no matched signature.

Matched signals:

• marker echo bytes

Command summary

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
uname=$(uname -s -v -n -m 2>/dev/null)
arch=$(uname -m 2>/dev/null)
uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1)
cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1)
cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' )
gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50)
cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1)
ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1)
last_output=$(last 2>/dev/null | head -n 10)
echo "UNAME:$uname"
echo "ARCH:$arch"
echo "UPTIME:$uptime"
echo "CPUS:$cpus"
echo "CPU_MODEL:$cpu_model"
echo "GPU:$gpu_info"
echo "CAT_HELP:$cat_help"
echo "LS_HELP:$ls_help"
echo "LAST:$last_output"

Reported to threat intel

none