HoneyMire Hub

Attack #292034 telnet

Captured 2026-06-29 19:29:39Z by Ka on honeypot LU2 - SERVERS ⬜ docker-edge · firmware 0.1.0.

Source1.164.80.222:42361
Target port23
Authenticatedyes
Commands1
Duration40.1s

Session recording

Loading session…

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in. 

[MikroTik] > /bin/busybox BOTNET
BOTNET: applet not found
[MikroTik] >

Credentials

Username: shell

Password: sh

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇹🇼Taiwan · Hsinchu City · Hsinchu

Chunghwa Telecom Co., Ltd. · AS3462 Data Communication Business Group · 24.81,120.97

Network: residential · HiNet · Cable/DSL/ISP · peeringdb · medium confidence

Behavioral classification

🦠 80% confidence

Mirai-family IoT botnet — wget + chmod + exec; tries common router/IP-cam credentials.

Matched signals:

Command summary

/bin/busybox BOTNET

Reported to threat intel

none

HoneyMire Hub · open feed: / · API: /api · docs: /docs · blocklists: /blocklists · about: /about · firmware: github.com/HoneyMire/HoneyMire