I've build a simple telnet honeypot that emulated some embedded device.
I also got thousand of samples. I think it was mostly different strains of Mirai.
I learned some things about how bots fingerprint the honeypots, and patched it accordingly that they do not identify my service as a honeypot.
The funny thing about this was, that my ISP send me a letter (by post o.0),
that i run a vulnerable service on my network.
The honeypot had a "MOD" from an old nuclear power plant, and did some random tarpit and randomly let random user/password combinations to log in.
For example:
As part of a monitoring system.
HR / crm Database.
Self serving vacation planner and approving system.
Tamperproof GMO(genetically modified organisms) database.
As my go to source as a quick and dirty data dump while hacking...