
AnalystAIPack: Giving an AI Agent a Malware Analyst's Working Knowledge
Ask a general-purpose AI agent to analyze a suspicious executable and you get confident-sounding mush. It will happily tell you to “check the file for anything malicious,” suggest a plugin that does not exist, or skip the one step that actually matters. The model knows a lot about malware analysis. What it lacks is the analyst’s working knowledge: which Volatility 3 plugin to run on a memory image, how to reach a packer’s original entry point, how to turn a recovered C2 config into a Sigma rule, and, just as important, when not to trust a result. ...