File tree Expand file tree Collapse file tree 1 file changed +6
-3
lines changed Expand file tree Collapse file tree 1 file changed +6
-3
lines changed Original file line number Diff line number Diff line change @@ -12,8 +12,12 @@ source: |
1212 ) >= 2
1313 and length(filter(body.links,
1414 .href_url.domain.domain == "links.paperlesspost.com"
15+ or (
16+ .href_url.domain.root_domain == "paperlesspost.com"
17+ and strings.istarts_with(.href_url.path, '/go/')
18+ )
1519 )
16- ) < 3
20+ ) < 2
1721 and not (
1822 (subject.is_forward or subject.is_reply)
1923 and (length(headers.references) != 0 or headers.in_reply_to is not null)
@@ -23,7 +27,6 @@ source: |
2327 sender.email.domain.root_domain == "paperlesspost.com"
2428 and headers.auth_summary.dmarc.pass
2529 )
26-
2730attack_types :
2831 - " Credential Phishing"
2932 - " Malware/Ransomware"
@@ -38,4 +41,4 @@ detection_methods:
3841id : " bc42e605-e209-565f-aa99-de14bf398910"
3942og_id : " e9ec5e09-e50f-5d02-ad14-35a1a1442960"
4043testing_pr : 3457
41- testing_sha : e3fec67c8215b08a3dd27147b29f0ffda2d04c0d
44+ testing_sha : 781e64c32d8a4795ef65255b70858f7b5e817af9
You can’t perform that action at this time.
0 commit comments