From b679b5b48ab4d642f56da38dc5007ef29f499979 Mon Sep 17 00:00:00 2001
From: Matthew Iverson
Date: Sat, 30 Nov 2024 00:53:36 -0500
Subject: [PATCH] Upload files to "Modules/Knowledge/Malware"
---
Modules/Knowledge/Malware/malware_analysis.py | 26 ++++++++++++++++++
.../Knowledge/Malware/malware_persistence.py | 27 +++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 Modules/Knowledge/Malware/malware_analysis.py
create mode 100644 Modules/Knowledge/Malware/malware_persistence.py
diff --git a/Modules/Knowledge/Malware/malware_analysis.py b/Modules/Knowledge/Malware/malware_analysis.py
new file mode 100644
index 0000000..4bba9ac
--- /dev/null
+++ b/Modules/Knowledge/Malware/malware_analysis.py
@@ -0,0 +1,26 @@
+def get_content():
+ """
+ Returns structured content for malware analysis and response.
+ """
+ return [
+ {
+ "title": "File Analysis Tools",
+ "content": """
+- Tools: Volatility, Cuckoo Sandbox, MalwareBazaar.
+- Snapshot analysis highlights changes post-execution.
+ """
+ },
+ {
+ "title": "Indicators and Artifacts",
+ "content": """
+- Prefetch: Tracks execution times and paths.
+- Amcache: Logs SHA-1 hashes and execution metadata.
+ """
+ },
+ {
+ "title": "Persistence Mechanisms",
+ "content": """
+- Common Techniques: Scheduled Tasks, Registry Keys, Startup Folders, Services.
+ """
+ }
+ ]
diff --git a/Modules/Knowledge/Malware/malware_persistence.py b/Modules/Knowledge/Malware/malware_persistence.py
new file mode 100644
index 0000000..8af287e
--- /dev/null
+++ b/Modules/Knowledge/Malware/malware_persistence.py
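Review bot: The "File Analysis Tools" bullet in malware_analysis.py groups Volatility and MalwareBazaar with Cuckoo Sandbox, but Volatility is a memory-forensics framework and MalwareBazaar is a sample-sharing repository, so only Cuckoo actually analyzes a submitted file; I'd relabel it along the lines of `- Tools: Cuckoo Sandbox (dynamic file analysis), Volatility (memory forensics), MalwareBazaar (sample lookup by hash).` The Amcache bullet deserves the caveat that the stored SHA-1 is computed over roughly the first 31 MB of the executable, so for larger binaries it will not match a full-file hash taken elsewhere. As a point of style, every "content" literal opens with a newline and closes with an indentation-only line, so callers receive padded text; wrapping each literal in `textwrap.dedent(...).strip()` (or stripping once over the returned list) keeps the rendered knowledge clean, and the same applies to the hunk for malware_persistence.py. The "Persistence Mechanisms" entry also duplicates the "Persistence Techniques" entry added to malware_persistence.py in this same commit; if both modules feed one knowledge base the duplicate will surface twice, and one of them could simply refer to the other.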
@@ -0,0 +1,27 @@
+def get_content():
+ """
+ Returns structured content for malware persistence mechanisms.
+ """
+ return [
+ {
+ "title": "Persistence Techniques",
+ "content": """
+- Registry Keys, Startup Folders.
+- Scheduled Tasks, Services.
+ """
+ },
+ {
+ "title": "Indicators of Persistence",
+ "content": """
+- Unexpected DLLs in memory or on disk.
+- Scheduled tasks executing at odd times.
+ """
+ },
+ {
+ "title": "Detection Techniques",
+ "content": """
+- Memory forensics for hidden processes.
+- Analyzing autorun entries and system services.
+ """
+ }
+ ]
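Review bot: The "Detection Techniques" entry in malware_persistence.py stops at "analyzing autorun entries and system services" without naming where a responder would actually look, and the "Indicators of Persistence" entry likewise gives no concrete artefact to check. Since this text is what get_content() hands to the knowledge base, I'd extend the detection bullets with the log sources that record the techniques listed above them, e.g. `- Event log: System 7045 (service installed), Security 4698 (scheduled task created); Sysmon registry events for Run/RunOnce key writes.` and point the autorun bullet at Sysinternals Autoruns as the standard enumeration tool. The "unexpected DLLs" indicator becomes actionable only when loaded modules are compared against a known-good baseline, which is worth saying in the bullet itself. These are content suggestions only; the structure of get_content() matches its sibling module.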