{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2024:36SHMC57NOSCI6OV7XWWYBRCTS","short_pith_number":"pith:36SHMC57","canonical_record":{"source":{"id":"2401.07995","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2024-01-15T22:36:56Z","cross_cats_sorted":[],"title_canon_sha256":"5dbc8381aec4a8282c6ae12d3bfed27bb007084a10259e4d4b41dccaf1db670d","abstract_canon_sha256":"38390a565c227a903d81364369b7ddfd9b5260434c7bd19445166f56bc44ceef"},"schema_version":"1.0"},"canonical_sha256":"dfa4760bbf6ba42479d5fded6c06229ca00cfd9bf1b8c2bd3a05a3126638054e","source":{"kind":"arxiv","id":"2401.07995","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2401.07995","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"arxiv_version","alias_value":"2401.07995v2","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2401.07995","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"pith_short_12","alias_value":"36SHMC57NOSC","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"pith_short_16","alias_value":"36SHMC57NOSCI6OV","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"pith_short_8","alias_value":"36SHMC57","created_at":"2026-07-05T07:47:46Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2024:36SHMC57NOSCI6OV7XWWYBRCTS","target":"record","payload":{"canonical_record":{"source":{"id":"2401.07995","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2024-01-15T22:36:56Z","cross_cats_sorted":[],"title_canon_sha256":"5dbc8381aec4a8282c6ae12d3bfed27bb007084a10259e4d4b41dccaf1db670d","abstract_canon_sha256":"38390a565c227a903d81364369b7ddfd9b5260434c7bd19445166f56bc44ceef"},"schema_version":"1.0"},"canonical_sha256":"dfa4760bbf6ba42479d5fded6c06229ca00cfd9bf1b8c2bd3a05a3126638054e","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T07:47:46.457365Z","signature_b64":"OgPlyXT4l4pm7KyFNbUC2da7kws2CPhUqFaZ3wR3NLvKl9zGhqG/Va4XjMg4pLcw/1eMGVQACSevDJW0MsWaBg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"dfa4760bbf6ba42479d5fded6c06229ca00cfd9bf1b8c2bd3a05a3126638054e","last_reissued_at":"2026-07-05T07:47:46.456849Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T07:47:46.456849Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2401.07995","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T07:47:46Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"3gMSieK9wa2wuGGb6tkGR0RMa43qnGjBGDzxMLOW+EACiHIP4kFyANSG5DfMnTpIJMvy1ixQ06LACW+l6ILqAw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-13T13:41:22.373865Z"},"content_sha256":"82f837f9d1f71bc5565c9d483c7c066bd87f08bff656a516ced1e45ad530c148","schema_version":"1.0","event_id":"sha256:82f837f9d1f71bc5565c9d483c7c066bd87f08bff656a516ced1e45ad530c148"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2024:36SHMC57NOSCI6OV7XWWYBRCTS","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell Scripts","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Eva Ruhsar Varlioglu, Murat Ozer, Nelly Elsayed, Said Varlioglu, Zag ElSayed","submitted_at":"2024-01-15T22:36:56Z","abstract_excerpt":"Fileless malware predominantly relies on PowerShell scripts, leveraging the native capabilities of Windows systems to execute stealthy attacks that leave no traces on the victim's system. The effectiveness of the fileless method lies in its ability to remain operational on victim endpoints through memory execution, even if the attacks are detected, and the original malicious scripts are removed. Threat actors have increasingly utilized this technique, particularly since 2017, to conduct cryptojacking attacks. With the emergence of new Remote Code Execution (RCE) vulnerabilities in ubiquitous l"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2401.07995","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2401.07995/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T07:47:46Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ueYrzpu4SjB7xWHr3qqQNmOe1mYn8K6kJ+awU2nPV++T0AY4a5Jzr5b7JYfWJtiOxpg1Io4Ti1hvEmFF6YKXAw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-13T13:41:22.374237Z"},"content_sha256":"7d21a776c0065e35deaacf9a8e8eae16af993b34b577069115040de87d468a68","schema_version":"1.0","event_id":"sha256:7d21a776c0065e35deaacf9a8e8eae16af993b34b577069115040de87d468a68"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/36SHMC57NOSCI6OV7XWWYBRCTS/bundle.json","state_url":"https://pith.science/pith/36SHMC57NOSCI6OV7XWWYBRCTS/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/36SHMC57NOSCI6OV7XWWYBRCTS/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-13T13:41:22Z","links":{"resolver":"https://pith.science/pith/36SHMC57NOSCI6OV7XWWYBRCTS","bundle":"https://pith.science/pith/36SHMC57NOSCI6OV7XWWYBRCTS/bundle.json","state":"https://pith.science/pith/36SHMC57NOSCI6OV7XWWYBRCTS/state.json","well_known_bundle":"https://pith.science/.well-known/pith/36SHMC57NOSCI6OV7XWWYBRCTS/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2024:36SHMC57NOSCI6OV7XWWYBRCTS","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"38390a565c227a903d81364369b7ddfd9b5260434c7bd19445166f56bc44ceef","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2024-01-15T22:36:56Z","title_canon_sha256":"5dbc8381aec4a8282c6ae12d3bfed27bb007084a10259e4d4b41dccaf1db670d"},"schema_version":"1.0","source":{"id":"2401.07995","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2401.07995","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"arxiv_version","alias_value":"2401.07995v2","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2401.07995","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"pith_short_12","alias_value":"36SHMC57NOSC","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"pith_short_16","alias_value":"36SHMC57NOSCI6OV","created_at":"2026-07-05T07:47:46Z"},{"alias_kind":"pith_short_8","alias_value":"36SHMC57","created_at":"2026-07-05T07:47:46Z"}],"graph_snapshots":[{"event_id":"sha256:7d21a776c0065e35deaacf9a8e8eae16af993b34b577069115040de87d468a68","target":"graph","created_at":"2026-07-05T07:47:46Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2401.07995/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Fileless malware predominantly relies on PowerShell scripts, leveraging the native capabilities of Windows systems to execute stealthy attacks that leave no traces on the victim's system. The effectiveness of the fileless method lies in its ability to remain operational on victim endpoints through memory execution, even if the attacks are detected, and the original malicious scripts are removed. Threat actors have increasingly utilized this technique, particularly since 2017, to conduct cryptojacking attacks. With the emergence of new Remote Code Execution (RCE) vulnerabilities in ubiquitous l","authors_text":"Eva Ruhsar Varlioglu, Murat Ozer, Nelly Elsayed, Said Varlioglu, Zag ElSayed","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2024-01-15T22:36:56Z","title":"The Pulse of Fileless Cryptojacking Attacks: Malicious PowerShell Scripts"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2401.07995","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:82f837f9d1f71bc5565c9d483c7c066bd87f08bff656a516ced1e45ad530c148","target":"record","created_at":"2026-07-05T07:47:46Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"38390a565c227a903d81364369b7ddfd9b5260434c7bd19445166f56bc44ceef","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2024-01-15T22:36:56Z","title_canon_sha256":"5dbc8381aec4a8282c6ae12d3bfed27bb007084a10259e4d4b41dccaf1db670d"},"schema_version":"1.0","source":{"id":"2401.07995","kind":"arxiv","version":2}},"canonical_sha256":"dfa4760bbf6ba42479d5fded6c06229ca00cfd9bf1b8c2bd3a05a3126638054e","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"dfa4760bbf6ba42479d5fded6c06229ca00cfd9bf1b8c2bd3a05a3126638054e","first_computed_at":"2026-07-05T07:47:46.456849Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T07:47:46.456849Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"OgPlyXT4l4pm7KyFNbUC2da7kws2CPhUqFaZ3wR3NLvKl9zGhqG/Va4XjMg4pLcw/1eMGVQACSevDJW0MsWaBg==","signature_status":"signed_v1","signed_at":"2026-07-05T07:47:46.457365Z","signed_message":"canonical_sha256_bytes"},"source_id":"2401.07995","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:82f837f9d1f71bc5565c9d483c7c066bd87f08bff656a516ced1e45ad530c148","sha256:7d21a776c0065e35deaacf9a8e8eae16af993b34b577069115040de87d468a68"],"state_sha256":"402bef0654d6b017ff5fca5307838ef2c749a9b846edb52f12655ab9cb439902"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"w5IRq71yOgZwJ7jbkukJ/ZmRRFdJ5O6tEEDXTjhXziegNoyq+L9Ge1+Mwqj029NQTHrFPO8dfqM40VwpLG1KBg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-13T13:41:22.376344Z","bundle_sha256":"d5315d2a06ff4a112bce2c38f23d0dd61ce0d93f048e748b35744d647e2c3cad"}}