Upload files to "Modules/Knowledge/Malware"

Modules/Knowledge/Malware/malware_analysis.py

@@ -0,0 +1,26 @@
+def get_content():
+    """
+    Returns structured content for malware analysis and response.
+    """
+    return [
+        {
+            "title": "File Analysis Tools",
+            "content": """
+- Tools: Volatility, Cuckoo Sandbox, MalwareBazaar.
+- Snapshot analysis highlights changes post-execution.
+            """
+        },
+        {
+            "title": "Indicators and Artifacts",
+            "content": """
+- Prefetch: Tracks execution times and paths.
+- Amcache: Logs SHA-1 hashes and execution metadata.
+            """
+        },
+        {
+            "title": "Persistence Mechanisms",
+            "content": """
+- Common Techniques: Scheduled Tasks, Registry Keys, Startup Folders, Services.
+            """
+        }
+    ]

Modules/Knowledge/Malware/malware_persistence.py

@@ -0,0 +1,27 @@
+def get_content():
+    """
+    Returns structured content for malware persistence mechanisms.
+    """
+    return [
+        {
+            "title": "Persistence Techniques",
+            "content": """
+- Registry Keys, Startup Folders.
+- Scheduled Tasks, Services.
+            """
+        },
+        {
+            "title": "Indicators of Persistence",
+            "content": """
+- Unexpected DLLs in memory or on disk.
+- Scheduled tasks executing at odd times.
+            """
+        },
+        {
+            "title": "Detection Techniques",
+            "content": """
+- Memory forensics for hidden processes.
+- Analyzing autorun entries and system services.
+            """
+        }
+    ]