Proofpoint Active Threat Campaign Detected

Panther Rules

Summary
This detection rule alerts security teams when Proofpoint identifies emails associated with an active threat campaign, which indicates a sophisticated, coordinated attack targeting users or organizations. The rule is categorized as high severity because such campaigns, which typically involve phishing and malware delivery, carry a significant risk of data breaches or other security incidents. On an alert, responders should review the emails tied to the flagged campaign, block the associated indicators of compromise (IOCs) promptly, and begin threat hunting for related activity. The rule references several MITRE ATT&CK techniques, including T1587 for initial credential access and T1566 for phishing. It is part of an ongoing effort to improve email security and threat detection coverage.
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Application Log
  • Network Traffic
  • Web Credential
  • Container
ATT&CK Techniques
  • T1587
  • T1566
  • T1204
Created: 2026-02-12