diff --git a/rules/proxy/proxy_baby_shark.yml b/rules/proxy/proxy_baby_shark.yml
index 5b6f980b6..e768fba26 100644
--- a/rules/proxy/proxy_baby_shark.yml
+++ b/rules/proxy/proxy_baby_shark.yml
@@ -10,11 +10,11 @@ logsource:
 category: proxy
 detection:
 selection:
- c-uri|contains: 'momyshark?key='
+ c-uri|contains: 'momyshark\?key='
 condition: selection
 falsepositives:
 - Unknown
 level: critical
 tags:
 - attack.command_and_control
- attack.t1071.001
\ No newline at end of file
+ - attack.t1071.001
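Review bot: The escaped `\?` on the new `c-uri|contains` line has no comment, and its meaning rests on two things a later edit can silently break. Sigma treats a bare `?` as a single-character wildcard, and the backslash only reaches the Sigma parser intact because the value is single-quoted YAML. I would add `# \? matches a literal question mark (bare ? is a Sigma wildcard); keep the single quotes` above that line. Separately, the selection assumes the query string is part of `c-uri`. If a proxy pipeline maps the query into `c-uri-query` instead, `?key=` would never appear in this field, so the mapping is worth confirming for a `level: critical` rule. The rule header above `logsource:` is outside the hunk.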