HoneyMire Hub

Attack #291792 telnet

Captured 2026-06-29 18:38:54Z by Ka on honeypot NY1 ⬜ docker-edge · firmware 0.1.0.

Source116.41.81.52:42006
Target port23
Authenticatedyes
Commands6
Duration41.1s

Session recording

Loading session…

Transcript

Server output and attacker input as captured, line-grain. Malware URLs are obscured until sign-in. 

DVRDVS DVR System
Type ? for help

dvrdvs> sh
dvrdvs> shell
dvrdvs> enable
dvrdvs> system
dvrdvs> ping; sh
PING 127.0.0.1 (10.0.0.1): 56 data bytes
dvrdvs> 
dvrdvs> /bin/busybox cat /proc/self/exe || cat /proc/self/exe
cat: /proc/self/exe: No such file or directory
cat: /proc/self/exe: No such file or directory
dvrdvs>

Credentials

Username: root

Password: Telkom13

3 login attempt(s) before disconnect.

Geolocation hub-resolved

🇰🇷South Korea · Seoul · Seongdong-gu

LG POWERCOMM · AS17858 LG POWERCOMM · 37.54,127.03

Network: unknown · LG POWERCOMM · geoip · low confidence

Behavioral classification

🦠 80% confidence

Mirai-family IoT botnet — wget + chmod + exec; tries common router/IP-cam credentials.

Matched signals:

Command summary

sh
shell
enable
system
ping; sh
/bin/busybox cat /proc/self/exe || cat /proc/self/exe

Reported to threat intel

none

HoneyMire Hub · open feed: / · API: /api · docs: /docs · blocklists: /blocklists · about: /about · firmware: github.com/HoneyMire/HoneyMire