diff --git a/detection-rules/attachment_microsoft_image_lure_qr_code.yml b/detection-rules/attachment_microsoft_image_lure_qr_code.yml
index e9af7b45b62..d2cf026797e 100644
--- a/detection-rules/attachment_microsoft_image_lure_qr_code.yml
+++ b/detection-rules/attachment_microsoft_image_lure_qr_code.yml
@@ -38,7 +38,7 @@ source: |
 )
 // or the body is null
- or length(body.current_thread.text) is null
+ or body.current_thread.text is null
 or body.current_thread.text == ""
 // or the subject contains authentication/urgency verbiage
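Review bot: The comment `// or the body is null` sits above two conditions, the null check and `body.current_thread.text == ""`, so it describes only half of the branch; `// or the body is null or empty` would match what the rule evaluates. The equality test is satisfied only by a strictly empty string, so a body holding nothing but whitespace or a line break would not take this branch. If the intent is "no meaningful body text", it is worth confirming against a sample message that a condition outside this hunk covers that case. The enclosing `source` expression starts and ends outside the hunk, so the surrounding conditions are not visible here.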