{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:FFXN2JPFMCG3URCRDG6JH4PVRG","short_pith_number":"pith:FFXN2JPF","canonical_record":{"source":{"id":"1902.03531","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.NI","submitted_at":"2019-02-10T03:34:58Z","cross_cats_sorted":[],"title_canon_sha256":"43c3d2e62f8dad08ce2f443ef71d14c818a0df63d424bfcae0afb80313e3d915","abstract_canon_sha256":"592ed8e6a39e3b0d2a4dd1ce68b82ae5f3ed654b085dbca80b1e8f3e15e6e059"},"schema_version":"1.0"},"canonical_sha256":"296edd25e5608dba445119bc93f1f589974071700f866fd96d1506ed498f1ed5","source":{"kind":"arxiv","id":"1902.03531","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1902.03531","created_at":"2026-05-17T23:54:20Z"},{"alias_kind":"arxiv_version","alias_value":"1902.03531v1","created_at":"2026-05-17T23:54:20Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1902.03531","created_at":"2026-05-17T23:54:20Z"},{"alias_kind":"pith_short_12","alias_value":"FFXN2JPFMCG3","created_at":"2026-05-18T12:33:15Z"},{"alias_kind":"pith_short_16","alias_value":"FFXN2JPFMCG3URCR","created_at":"2026-05-18T12:33:15Z"},{"alias_kind":"pith_short_8","alias_value":"FFXN2JPF","created_at":"2026-05-18T12:33:15Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:FFXN2JPFMCG3URCRDG6JH4PVRG","target":"record","payload":{"canonical_record":{"source":{"id":"1902.03531","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.NI","submitted_at":"2019-02-10T03:34:58Z","cross_cats_sorted":[],"title_canon_sha256":"43c3d2e62f8dad08ce2f443ef71d14c818a0df63d424bfcae0afb80313e3d915","abstract_canon_sha256":"592ed8e6a39e3b0d2a4dd1ce68b82ae5f3ed654b085dbca80b1e8f3e15e6e059"},"schema_version":"1.0"},"canonical_sha256":"296edd25e5608dba445119bc93f1f589974071700f866fd96d1506ed498f1ed5","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:54:20.538570Z","signature_b64":"HgmjosPa663Brs2ntAMdKEDdVF2dZ/1n7sHRHaJWaT0QGwIOC1eWFypv2yBTYRmqxZcmlySlkyopAL5hvrDmDQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"296edd25e5608dba445119bc93f1f589974071700f866fd96d1506ed498f1ed5","last_reissued_at":"2026-05-17T23:54:20.537970Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:54:20.537970Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1902.03531","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:54:20Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ai/4NEsZdx75Ce4AdxDHlxtaAsUwK1MyzgpP7WuNKQ9/2K+LSFQb+euwvoocYe4fviqyZ8YPV8W/fTKUlotiCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T07:48:06.147530Z"},"content_sha256":"2aa5e6fd7aa528f994b9501488f519cf68f6557306761c139705e02d2d888a2b","schema_version":"1.0","event_id":"sha256:2aa5e6fd7aa528f994b9501488f519cf68f6557306761c139705e02d2d888a2b"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:FFXN2JPFMCG3URCRDG6JH4PVRG","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Analyzing Endpoints in the Internet of Things Malware","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.NI","authors_text":"Afsah Anwar, Aziz Mohaisen, DaeHun Nyang, Hisham Alasmary, Jeffrey Spaulding, Jinchun Choi","submitted_at":"2019-02-10T03:34:58Z","abstract_excerpt":"The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses. We further augment additional information a"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1902.03531","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:54:20Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"YpZGf5wMI78T+A0Uq33F0LGDgjQ7AiE/rjJw3LzP3crAj7rKrqI3lj/1CFN9bRm3Kf+2aSHjpoKsnOB39kInCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T07:48:06.147880Z"},"content_sha256":"948c72e722b9f5f697580a7c9fde12513d3b617a651d936da06e75572a0cfe4b","schema_version":"1.0","event_id":"sha256:948c72e722b9f5f697580a7c9fde12513d3b617a651d936da06e75572a0cfe4b"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/FFXN2JPFMCG3URCRDG6JH4PVRG/bundle.json","state_url":"https://pith.science/pith/FFXN2JPFMCG3URCRDG6JH4PVRG/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/FFXN2JPFMCG3URCRDG6JH4PVRG/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-03T07:48:06Z","links":{"resolver":"https://pith.science/pith/FFXN2JPFMCG3URCRDG6JH4PVRG","bundle":"https://pith.science/pith/FFXN2JPFMCG3URCRDG6JH4PVRG/bundle.json","state":"https://pith.science/pith/FFXN2JPFMCG3URCRDG6JH4PVRG/state.json","well_known_bundle":"https://pith.science/.well-known/pith/FFXN2JPFMCG3URCRDG6JH4PVRG/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:FFXN2JPFMCG3URCRDG6JH4PVRG","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"592ed8e6a39e3b0d2a4dd1ce68b82ae5f3ed654b085dbca80b1e8f3e15e6e059","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.NI","submitted_at":"2019-02-10T03:34:58Z","title_canon_sha256":"43c3d2e62f8dad08ce2f443ef71d14c818a0df63d424bfcae0afb80313e3d915"},"schema_version":"1.0","source":{"id":"1902.03531","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1902.03531","created_at":"2026-05-17T23:54:20Z"},{"alias_kind":"arxiv_version","alias_value":"1902.03531v1","created_at":"2026-05-17T23:54:20Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1902.03531","created_at":"2026-05-17T23:54:20Z"},{"alias_kind":"pith_short_12","alias_value":"FFXN2JPFMCG3","created_at":"2026-05-18T12:33:15Z"},{"alias_kind":"pith_short_16","alias_value":"FFXN2JPFMCG3URCR","created_at":"2026-05-18T12:33:15Z"},{"alias_kind":"pith_short_8","alias_value":"FFXN2JPF","created_at":"2026-05-18T12:33:15Z"}],"graph_snapshots":[{"event_id":"sha256:948c72e722b9f5f697580a7c9fde12513d3b617a651d936da06e75572a0cfe4b","target":"graph","created_at":"2026-05-17T23:54:20Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses. We further augment additional information a","authors_text":"Afsah Anwar, Aziz Mohaisen, DaeHun Nyang, Hisham Alasmary, Jeffrey Spaulding, Jinchun Choi","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.NI","submitted_at":"2019-02-10T03:34:58Z","title":"Analyzing Endpoints in the Internet of Things Malware"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1902.03531","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:2aa5e6fd7aa528f994b9501488f519cf68f6557306761c139705e02d2d888a2b","target":"record","created_at":"2026-05-17T23:54:20Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"592ed8e6a39e3b0d2a4dd1ce68b82ae5f3ed654b085dbca80b1e8f3e15e6e059","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.NI","submitted_at":"2019-02-10T03:34:58Z","title_canon_sha256":"43c3d2e62f8dad08ce2f443ef71d14c818a0df63d424bfcae0afb80313e3d915"},"schema_version":"1.0","source":{"id":"1902.03531","kind":"arxiv","version":1}},"canonical_sha256":"296edd25e5608dba445119bc93f1f589974071700f866fd96d1506ed498f1ed5","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"296edd25e5608dba445119bc93f1f589974071700f866fd96d1506ed498f1ed5","first_computed_at":"2026-05-17T23:54:20.537970Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:54:20.537970Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"HgmjosPa663Brs2ntAMdKEDdVF2dZ/1n7sHRHaJWaT0QGwIOC1eWFypv2yBTYRmqxZcmlySlkyopAL5hvrDmDQ==","signature_status":"signed_v1","signed_at":"2026-05-17T23:54:20.538570Z","signed_message":"canonical_sha256_bytes"},"source_id":"1902.03531","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:2aa5e6fd7aa528f994b9501488f519cf68f6557306761c139705e02d2d888a2b","sha256:948c72e722b9f5f697580a7c9fde12513d3b617a651d936da06e75572a0cfe4b"],"state_sha256":"63d9e9b996b4c690207dba7a40de277979dc042ecad7a37b1d9d673beafb8977"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"L1onffKLsbzQ0BmM7lm1fx1uK7+GdR8QqO4P+MT6H/JdVXchOUve6ht1YaYTz8xZIHJJ3HEaTqqSZWmo3IXsDw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-03T07:48:06.149830Z","bundle_sha256":"3129c40394f0f82418f2f92c944f114e0890530937adfada522dc5bb219772d0"}}