ssh
Secure Shell client. Used for lateral movement, remote command execution, tunneling, and persistence via authorized_keys.
Binary Paths
/usr/bin/ssh/bin/ssh
Glob Patterns
| Pattern | Notes |
|---|---|
ss?
|
Wildcard replaces 'h' |
s*h
|
Star matches 's' |
s[s]h
|
Bracket class on second char |
ss[h]
|
Bracket class on last char |
/usr/bin/ss?
|
Full path wildcard |
/???/bin/ssh
|
Directory obfuscation |
/???/???/s*h
|
Full path with mixed wildcards |
Pattern Tester
$
Try typing ssh or a full path like /usr/bin/ssh
YARA Rule
Auto-generated detection rule for ssh