List of ideas for SSH malware research:
SSH malware matrix
Like the C2 Matrix, but for SSH malware. Might need a few categories: worms, scanners, backdoors (include stuff like attacker-added creds), harvesters, …
HASSH:software lists
This will help identify software used in incidents
public keys:individual
GitHub, Launchpad, and other sites store these and provide them publicly
sshd pubkey to IP, timestamp, hostname, etc.
List of exploitable SSH vulnerabilities
List of SSH malware writeups
List of default passwords, keys, etc.
botnet dictionaries
List of infostealers that target ssh credentials
List of open source SSH malware
Signatures for aforementioned malware
include decryption tools and special clients and such