diff --git a/network/detection/mikrotik-ssh-detect.yaml b/network/detection/mikrotik-ssh-detect.yaml
new file mode 100644
index 0000000000..71c5c9c687
--- /dev/null
+++ b/network/detection/mikrotik-ssh-detect.yaml
@@ -0,0 +1,32 @@
+id: mikrotik-ssh-detect
+
+info:
+  name: MikroTik RouterOS SSH - Detect
+  author: staticnoise
+  severity: info
+  description: |
+    MikroTik RouterOS SSH was detected.
+
+  reference:
+    - http://www.openwall.com/lists/oss-security/2016/08/01/2
+    - http://www.openwall.com/lists/oss-security/2018/08/15/5
+    - http://seclists.org/fulldisclosure/2016/Jul/51
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-6210
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-15473
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cwe-id: CWE-200
+  metadata:
+    max-request: 1
+  tags: network,mikrotik,detect,detection,tcp
+
+tcp:
+  - host:
+      - "{{Hostname}}"
+    port: 22
+
+    matchers:
+      - type: regex
+        regex:
+          - '(?i)SSH-2.0-ROSSSH'
+# digest: 4b0a00483046022100a2f739b5d172666666e2087baacfe59d3df55a3ee81fa0ebfecda07f2ae2a920022100eb49ed7935e0ce621e1b7082cfbf8ac5d759866cd38f9443cb79f2899a5192d4:5ee180a688096af8a060049f233bbfa9