HoneyMire Hub

Attack #291986 telnet

Captured 2026-06-29 19:17:32Z by Ka on honeypot LU2 - SERVERS · docker-edge · firmware 0.1.0.

Source: 23.227.173.175:34012
Target port: 23
Authenticated: yes
Commands: 2
Duration: 82.2s

Transcript

Server output and attacker input as captured, line by line. Malware URLs are obscured until sign-in.

OpenWrt BARRIER BREAKER 14.07 r42625

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |
 |   -   ||  _  |  -__|     ||  |  |  ||   _||  |
 |_______||   __|_____|__|__||________||__|  |__|
 |  _  | |  |  W I R E L E S S    F R E E D O M
 | | | | |  |  BARRIER BREAKER (14.07, r42625)
 |_|_|_|_|__|_|_____________________________

OpenWrt:~# sh
OpenWrt:~# /bin/busybox UNSTABLE
UNSTABLE: applet not found
OpenWrt:~# 

Credentials

Username: system

Password: shell

3 login attempt(s) before disconnect.

Geolocation (hub-resolved)

🇺🇸 United States · Georgia · Atlanta

HIVELOCITY, Inc. · AS29802 HIVELOCITY, Inc. · 33.75,-84.39

Network: residential · Hivelocity LLC · Cable/DSL/ISP · peeringdb · medium confidence

Behavioral classification

🦠 80% confidence

Mirai-family IoT botnet — wget + chmod + exec; tries common router/IP-cam credentials.

Matched signals:

Command summary

sh
/bin/busybox UNSTABLE

Reported to threat intel

none
