HoneyMire Hub

Attack #291308 telnet

Captured 2026-06-29 16:57:04Z by Ka on honeypot SG1 ⬜ docker-edge · firmware 0.1.0.

Source208.82.117.124:58726
Target port23
Authenticatedyes
Commands2
Duration156.9s

Session recording

Loading session…

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in.

BusyBox v1.35.0 (2022-12-01) built-in shell (ash)
Enter 'help' for a list of built-in commands.

router:~# sh
router:~# /bin/busybox UNSTABLE
UNSTABLE: applet not found
router:~# 

Credentials

Username: system

Password: shell

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇺🇸United States · California · San Clemente

NDCHost · AS33322 Network Data Center Host, Inc. · 33.45,-117.60

Network: unknown · NDCHost · geoip · low confidence

Behavioral classification

🦠 80% confidence

Mirai-family IoT botnet — wget + chmod + exec; tries common router/IP-cam credentials.

Matched signals:

Command summary

sh
/bin/busybox UNSTABLE

Reported to threat intel

none

HoneyMire Hub · open feed: / · API: /api · docs: /docs · blocklists: /blocklists · about: /about · firmware: github.com/HoneyMire/HoneyMire