Skip to content

Commit ebf9a83

Browse files
[Test Rules] [PR #4592] modified rule: Spam: Fake photo share
1 parent 7c9d7d5 commit ebf9a83

1 file changed

Lines changed: 5 additions & 3 deletions

File tree

detection-rules/4592_spam_fake_photo_share.yml

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -137,8 +137,10 @@ source: |
137137
and .href_url.domain.root_domain in ("facebook.com", "youtube.com")
138138
)
139139
or (
140-
// short random subdomain
141-
regex.icontains(.href_url.url, 'https?://[a-z]{5}\.[a-z]+\.')
140+
// random 5-character subdomain
141+
regex.icontains(.href_url.url,
142+
'https?://[a-z]{5}\.[a-z]{5,}\.[a-z]+'
143+
)
142144
// subdomain contains 3+ consecutive consonants
143145
and regex.icontains(.href_url.url,
144146
'https?://[a-z]*[b-df-hj-np-tv-z]{3,}[a-z]*\.'
@@ -191,4 +193,4 @@ detection_methods:
191193
id: "42b07278-999f-50e7-b96f-1bee369009c0"
192194
og_id: "eb086f7d-3ad7-52cd-8e16-3ce08726b9ea"
193195
testing_pr: 4592
194-
testing_sha: 58e307902b4f8fb275e78ca4aa44eb6829d8ce65
196+
testing_sha: 16f263c20058ea3d7f7d1d22289314eed12b1f2f

0 commit comments

Comments
 (0)