<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Securityresearch - Category - Forensic wheels</title><link>https://polymathmonkey.github.io/weblog/categories/securityresearch/index.html</link><description/><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 06 Jun 2026 13:27:31 +0200</lastBuildDate><atom:link href="https://polymathmonkey.github.io/weblog/categories/securityresearch/index.xml" rel="self" type="application/rss+xml"/><item><title>Tracking a credential scanner</title><link>https://polymathmonkey.github.io/weblog/securityresearch/hassh-redtail-cryptominer-campaign/index.html</link><pubDate>Sat, 06 Jun 2026 10:00:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/securityresearch/hassh-redtail-cryptominer-campaign/index.html</guid><description>The Alert: At 10:23 on June 5th, ElastAlert fired a Pushover notification:
"MISP Hit: Known Threat Actor IP: 130.12.180.51 | Canada Feed: Maltrail IOC for 2026-06-01 | Level: Medium". What followed was a two-day investigation that started with a medium-severity feed match on a Canadian IP and ended with confirmed cryptominer deployment, SSH key persistence, and a second infrastructure node that the feed had never seen.</description></item></channel></rss>