Update link_pikabot_malware.yml (#1167)

sublime-security · Dec 19, 2023 · 57fde2f · 57fde2f
1 parent 76d80a8
commit 57fde2f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/detection-rules/link_pikabot_malware.yml b/detection-rules/link_pikabot_malware.yml
@@ -4,7 +4,7 @@ type: "rule"
 severity: "high"
 source: |
   type.inbound
-  and any(body.links, regex.contains(.display_url.url, '[A-Za-z0-9]\/\?[0-9]+$'))
+  and any(body.links, regex.imatch(.display_url.url, '.+\/[a-z0-9]+\/\?[0-9a-z]+'))
   and (
     any(body.links,
         .href_url.domain.domain in $abuse_ch_urlhaus_domains_trusted_reporters