Article

MalwarePT is a binary-level foundation model for malware analysis built on a ModernBERT-style encoder pretrained with masked language modeling on Windows PE code-section bytes. It transfers across malware-analysis tasks at different granularities — API call prediction, functionality classification, and malware detection under temporal drift — outperforming neural baselines and complementing feature-engineering approaches.

A systematization-of-knowledge study combining a literature review and practitioner survey to define a Cyber Threat Intelligence (CTI) generation pipeline, evaluating the feasibility of LLMs for converting attack evidence into shareable intelligence.