[PR #3472] modified rule: Attachment: DOCX with hyperlink targeting recipient address

github-actions[bot] · github-actions[bot] · commit 9399af4e3528 · 2025-11-05T20:33:14.000Z
diff --git a/detection-rules/3472_attachment_docx_hyperlink_targeting_recipient.yml b/detection-rules/3472_attachment_docx_hyperlink_targeting_recipient.yml
@@ -1,5 +1,5 @@
 name: "Attachment: DOCX with hyperlink targeting recipient address"
-description: "Detects DOCX attachments containing hyperlinks with anchor references that match recipient email addresses from suspicious or malicious senders. This technique is commonly used to personalize malicious documents and evade detection."
+description: "Detects DOCX attachments containing hyperlinks with anchor references that match recipient email addresses. This technique is commonly used to personalize malicious documents and evade detection."
 type: "rule"
 severity: "medium"
 source: |
@@ -29,4 +29,4 @@ detection_methods:
 id: "d2ff2c1e-2994-5ca2-8bf3-508213e11364"
 og_id: "9ec8fa49-bda9-5e8f-876f-1e53a46d83ca"
 testing_pr: 3472
-testing_sha: 953a091eb9848dec7c876cf8f3cd00576612df2c
+testing_sha: b58774820b8211f517a799b27b35a8b7bada4e67
