From 3877ec4cc2e0da48494343f5f8418bdfd0e9a5d6 Mon Sep 17 00:00:00 2001
From: Sam Scholten
Date: Tue, 14 Nov 2023 13:05:59 -0500
Subject: [PATCH] Update link_credential_phishing_voicemail_language.yml (#953)
---
 detection-rules/link_credential_phishing_voicemail_language.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection-rules/link_credential_phishing_voicemail_language.yml b/detection-rules/link_credential_phishing_voicemail_language.yml
index edcea24f4b2..e1044e01e7f 100644
--- a/detection-rules/link_credential_phishing_voicemail_language.yml
+++ b/detection-rules/link_credential_phishing_voicemail_language.yml
@@ -39,7 +39,7 @@ source: |
 any(recipients.to, strings.icontains(sender.display_name, .email.domain.sld))
 ),
 (
- any([sender.display_name, subject.subject, body.current_thread.text],
+ any([sender.display_name, subject.subject],
 regex.contains(.,
 '[\x{1F300}-\x{1F5FF}\x{1F600}-\x{1F64F}\x{1F680}-\x{1F6FF}\x{1F700}-\x{1F77F}\x{1F780}-\x{1F7FF}\x{1F900}-\x{1F9FF}\x{2600}-\x{26FF}\x{2700}-\x{27BF}\x{2300}-\x{23FF}]'
 )
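Review bot: The narrowed `any([sender.display_name, subject.subject], ...)` line drops `body.current_thread.text` from the emoji check, and neither the commit message nor the rule records why. From the hunk alone this looks like a false-positive fix for emoji in ordinary body text, but that is inferred; a short MQL comment above the line would keep a later editor from re-adding the field, for example `// emoji checked in display name and subject only; body text removed in #953 (<reason>)`. Because this branch no longer looks at the body, it is worth re-running the rule against the known-bad samples it was written for to confirm they still match through the remaining conditions. The enclosing `source: |` expression starts and ends outside the hunk, so the other branches are not visible here.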