We have amassed SSH and telnet honeypot information in numerous formats for nearly a decade. The logs from yesterday, combined with the observation of some fresh usernames tried earlier today, led me to question whether botnets simply append new usernames or eliminate outdated ones from their rosters. Consequently, I extracted some information from our database to validate this theory. I didn’t dedicate extensive time to this, and a more thorough examination would be beneficial. Nonetheless, here are the initial findings: