### A compromised Linux host

- Four binaries (in sequential order) were found in the /tmp directory of an the httpd server running Linux. No more information were given.
    - `0b9c1a600f14403c384a8fb4c6f2574235c7f0ca` - 1.bin
    - `142391ab131af2520a0e4a1622643dbfd3057d52` - 2.bin
    - `cc68a193fece3763e05d03b3c9d22d17601cfaf4` - 1.txt
    - `f12a9aa891b9da4f0823eec6f23565144a4955a3` - 3.bin
    - `a2f36438acccbf1a54c072abe856812a2f226d76` - 4.bin

What could be deduced from these evidences by using the MISP instance only? and how can you describe your investigation in MISP?