diff --git a/Modules/Knowledge/Malware/malware_analysis.py b/Modules/Knowledge/Malware/malware_analysis.py
new file mode 100644
index 0000000..4bba9ac
--- /dev/null
+++ b/Modules/Knowledge/Malware/malware_analysis.py
@@ -0,0 +1,26 @@
+def get_content():
+ """
+ Returns structured content for malware analysis and response.
+ """
+ return [
+ {
+ "title": "File Analysis Tools",
+ "content": """
+- Tools: Volatility, Cuckoo Sandbox, MalwareBazaar.
+- Snapshot analysis highlights changes post-execution.
+ """
+ },
+ {
+ "title": "Indicators and Artifacts",
+ "content": """
+- Prefetch: Tracks execution times and paths.
+- Amcache: Logs SHA-1 hashes and execution metadata.
+ """
+ },
+ {
+ "title": "Persistence Mechanisms",
+ "content": """
+- Common Techniques: Scheduled Tasks, Registry Keys, Startup Folders, Services.
+ """
+ }
+ ]
diff --git a/Modules/Knowledge/Malware/malware_persistence.py b/Modules/Knowledge/Malware/malware_persistence.py
new file mode 100644
index 0000000..8af287e
--- /dev/null
+++ b/Modules/Knowledge/Malware/malware_persistence.py
@@ -0,0 +1,27 @@
+def get_content():
+ """
+ Returns structured content for malware persistence mechanisms.
+ """
+ return [
+ {
+ "title": "Persistence Techniques",
+ "content": """
+- Registry Keys, Startup Folders.
+- Scheduled Tasks, Services.
+ """
+ },
+ {
+ "title": "Indicators of Persistence",
+ "content": """
+- Unexpected DLLs in memory or on disk.
+- Scheduled tasks executing at odd times.
+ """
+ },
+ {
+ "title": "Detection Techniques",
+ "content": """
+- Memory forensics for hidden processes.
+- Analyzing autorun entries and system services.
+ """
+ }
+ ]
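Review bot: The "File Analysis Tools" entry in malware_analysis.py groups tools that do different jobs: Volatility is a memory-forensics framework and MalwareBazaar is a sample-sharing repository, so only Cuckoo Sandbox actually matches the heading; the bullet should say what each is for, e.g. `- Tools: Cuckoo Sandbox (dynamic/sandbox analysis), Volatility (memory forensics), MalwareBazaar (sample repository).`. Every `"content"` literal also opens with a newline and closes after the indentation preceding the closing `"""`, so whatever renders these strings will see a leading blank line and trailing whitespace; `.strip()` on each literal, or `textwrap.dedent(...).strip()`, keeps the displayed text clean — the same applies to every entry in malware_persistence.py in this commit. A return annotation, `def get_content() -> list[dict[str, str]]:`, plus a docstring line naming the `title`/`content` keys, would document the schema that consumers index into.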
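Review bot: The "Persistence Techniques" entry in malware_persistence.py repeats the "Persistence Mechanisms" section added to malware_analysis.py in this same commit (the same four techniques in a different order), so the two lists will drift as either is edited; keeping the technique list only here and having the analysis module reference it, or at least noting the overlap in this docstring, would avoid that. Under "Indicators of Persistence", "Unexpected DLLs in memory or on disk" arguably points at injection or side-loading rather than a persistence mechanism, and "Scheduled tasks executing at odd times" is a weak heuristic on its own; each bullet would serve a responder better if it named the artifact source to inspect (the autorun entries and system services the "Detection Techniques" section already mentions) rather than only the symptom. The docstring should also state the returned shape, `list of {"title": str, "content": str}`, since callers depend on those keys.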