diff --git a/rules/web/web_java_payload_in_access_logs.yml b/rules/web/web_java_payload_in_access_logs.yml
index 213552435..109cf51ab 100644
--- a/rules/web/web_java_payload_in_access_logs.yml
+++ b/rules/web/web_java_payload_in_access_logs.yml
@@ -7,9 +7,10 @@ references:
 - https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
 - https://github.com/httpvoid/writeups/blob/62d3751945289d088ccfdf4d0ffbf61598a2cd7d/Confluence-RCE.md
 - https://twitter.com/httpvoid0x2f/status/1532924261035384832
-author: frack113
+ - https://medium.com/geekculture/text4shell-exploit-walkthrough-ebc02a01f035
+author: frack113, Harjot Singh, "@cyb3rjy0t" (update)
 date: 2022/06/04
-modified: 2022/06/14
+modified: 2023/01/19
 tags:
 - cve.2022.26134
 - cve.2021.26084
@@ -25,6 +26,8 @@ detection:
 - '%2F%24%7B%23'
 - '/${#'
 - 'new+java.'
+ - 'getRuntime().exec('
+ - 'getRuntime%28%29.exec%28'
 condition: keywords
 falsepositives:
 - Legitimate apps
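Review bot: The two keywords added in the second hunk cover only the fully plain and the fully percent-encoded spellings of the Runtime.exec call, so a request that encodes just one side (for example `- 'getRuntime%28%29.exec('` or `- 'getRuntime().exec%28'`) matches neither; either adding those two mixed forms or a comment stating that the backend is expected to normalize URL encoding before matching would close the gap. The keywords list this hunk extends begins outside the hunk, so any encoded variants already present higher up are not visible here. The reference added in the first hunk describes a Text4Shell walkthrough, but the tags visible in that hunk still name only the two earlier CVEs; if the tag list continues past the hunk this may already be handled, otherwise a matching cve tag would keep tags and references consistent.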