From 2bcb6abd723b0ba4e23909d9843dc7ac0aee0952 Mon Sep 17 00:00:00 2001
From: Tomasuh <3432107+Tomasuh@users.noreply.github.com>
Date: Fri, 12 Aug 2022 12:46:21 +0200
Subject: [PATCH] Escape ? character

---
 rules/proxy/proxy_baby_shark.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/proxy/proxy_baby_shark.yml b/rules/proxy/proxy_baby_shark.yml
index 5b6f980b6..e768fba26 100644
--- a/rules/proxy/proxy_baby_shark.yml
+++ b/rules/proxy/proxy_baby_shark.yml
@@ -10,11 +10,11 @@ logsource:
 category: proxy
 detection:
 selection:
- c-uri|contains: 'momyshark?key='
+ c-uri|contains: 'momyshark\?key='
 condition: selection
 falsepositives:
 - Unknown
 level: critical
 tags:
 - attack.command_and_control
- - attack.t1071.001
\ No newline at end of file
+ - attack.t1071.001
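Review bot: The escaped pattern on the `c-uri|contains` line has no comment explaining the backslash, and since Sigma treats an unescaped `?` as a single-character wildcard, a later edit could easily drop it again; I would add `# '?' is a Sigma wildcard; \? matches the literal query-string delimiter` above that line. The single quotes matter as well, because a double-quoted YAML scalar would treat `\?` as an invalid escape sequence. The diffstat accounts only for the detection line and the end-of-file newline, so the rule's `modified` date (in the header, outside this hunk) appears not to have been updated for a detection change. It is also worth checking that the converted query in the target backend matches a literal `?`, as escape handling may differ between converters.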