From 634fbe55170bbfb2d41fbef39c227324e384075b Mon Sep 17 00:00:00 2001
From: IlluminatiFish <45714340+IlluminatiFish@users.noreply.github.com>
Date: Fri, 27 Oct 2023 17:13:38 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Update=20facebook-pl-7d71c1c?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Remove old reference that was valid. However due to URLScan not being able to retrieve the DOM anymore it no longer 'matches' the rules from IOK's POV
---
 indicators/facebook-pl-7d71c1c.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/indicators/facebook-pl-7d71c1c.yml b/indicators/facebook-pl-7d71c1c.yml
index 65600c06..9c51638f 100644
--- a/indicators/facebook-pl-7d71c1c.yml
+++ b/indicators/facebook-pl-7d71c1c.yml
@@ -1,22 +1,20 @@ title: Facebook Phishing Kit 7d71c1c description: | Detects a Facebook phishing kit targeting - Polish speaking users. Using the same login - form structure across all domains as well - as using the same name for the logo file. + Polish speaking users. Using the same Google + Tag ID across every domain deploying this kit + and using the same name for the logo file. references: - https://urlscan.io/result/4467573b-d13a-4f2c-85df-5dbce3de9eda - https://urlscan.io/result/7d71c1c0-da74-41bf-b4c7-25e9ba421f1e - https://urlscan.io/result/d4890e94-a7e6-4b9a-b4b2-fab8eaa3ccc3 - https://urlscan.io/result/dc6ff99f-d94c-4a7a-9337-af606fd6be21 - detection: logo: requests|contains: 'fb4.png' - + googleTagId: dom|contains: 'UA-178388451-1'