HoneyMire Hub

Attack #292039 telnet

Captured 2026-06-29 19:31:08Z by Ka on honeypot LU2 - SERVERS ⬜ docker-edge · firmware 0.1.0.

Session recording

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in.

Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-91-generic x86_64)

 * Documentation:  hxxps://help[.]ubuntu[.]com
 * Management:     hxxps://landscape[.]canonical[.]com
 * Support:        hxxps://ubuntu[.]com/advantage

  System information as of 2413039

  System load:  0.08              Processes:           98
  Usage of /:   23.4% of 19.56GB  Users logged in:     0
  Memory usage: 28%               IP address for eth0: 10.0.0.42
  Swap usage:   0%

0 packages can be updated.
0 updates are security updates.

Last login: Mon Sep  4 09:14:21 2023 from 192.168.1.5
system@ubuntu-server:~$ sh
system@ubuntu-server:~$ /bin/busybox UNSTABLE
UNSTABLE: applet not found
system@ubuntu-server:~$ 

Credentials

Username: system

Password: shell

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇺🇸United States · Virginia · Warrenton

GoDaddy.com, LLC · AS398101 GoDaddy.com, LLC · 38.71,-77.80

Network: unknown · GoDaddy.com, LLC · geoip · low confidence

Behavioral classification

🦠 80% confidence

Mirai-family IoT botnet — wget + chmod + exec; tries common router/IP-cam credentials.

Matched signals:

• BusyBox probing

Command summary

sh
/bin/busybox UNSTABLE

Reported to threat intel

none