SSH malware

2025-11-01

Due to their intended functionality, privilege, and ubiquity, SSH servers and clients are a popular target for malware.

SSH malware common features

2025-11-01

Common features of SSH malware:

code reuse

Many samples are modified open source tools.

obfuscation: stack strings, XOR encryption, UPX, ADD/SUB, ...

SSH malware research data

2025-11-01

List of ideas for SSH malware research:

SSH malware matrix

Like the C2 matrix, but for SSH malware. It might need a few categories: worms, scanners, ...

ssh-it

2025-11-01

ssh-it is an SSH worm developed by THC.

https://www.thc.org/ssh-it/

ssh-key-backdoor

2025-11-01

ssh-key-backdoor is a technique developed by THC that abuses SSH keys to achieve persistence and lateral movement. ...

sshdinjector

2025-11-01

sshdinjector is Linux malware attributed to Evasive Panda that is injected into the SSH daemon. ...

Suricata

2025-11-01

Suricata is a network analysis and threat detection engine used for IDS and IPS systems.

https://suricata.io/

The Hackers Choice

2025-11-01

The Hacker’s Choice is an international hacking group.

https://www.thc.org/

https://github.com/hackerschoice

https://blog.thc.org/

VyOS

2025-11-01

VyOS is an open source platform used to develop routers.

https://vyos.io/

https://en.wikipedia.org/wiki/VyOS

https://github.com/vyos/vyos-build

AbcBot

2025-10-28

Abcbot is malware written in Go targeting Linux hosts and used to perform DDoS attacks.

https://thrive.trellix.com/s/article/KB95211?language=en_US ...
