
Summary
This detection rule identifies attempts to download malicious encrypted ZIP files that contain DMG files, which have been linked to the distribution of malware such as Meta Stealer and Atomic Stealer targeting macOS systems. The rule recognizes specific behaviors, such as links within email bodies that lead to these downloads, and considers the sender's profile to determine whether the sender is likely malicious. Additionally, the rule exempts messages from highly trusted sender domains unless those messages fail DMARC authentication, thus refining the detection of potential phishing or malware-laden communications. The technique has been noted to involve social engineering tactics in which attackers pose as recruiters, further complicating detection efforts.
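As an added illustration (not the rule's own code or the vendor's rule language), the logic described above expressed in Python over constructed message records. The trusted-domain set, the `first_time_sender` profile flag and the pre-inspected archive fields (`encrypted`, `members`) are assumptions standing in for data the mail-security platform would supply.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed placeholder; a real deployment uses its own highly trusted domain list.
HIGHLY_TRUSTED_DOMAINS = {"trusted.example"}


@dataclass
class LinkedArchive:
    """A ZIP reachable from a link in the email body, already fetched and inspected."""
    url: str
    encrypted: bool                                  # password-protected archive
    members: list = field(default_factory=list)      # file names inside the ZIP


@dataclass
class Message:
    sender_domain: str
    dmarc_pass: bool
    first_time_sender: bool                          # assumed sender-profile signal
    links: list = field(default_factory=list)        # LinkedArchive objects


def links_to_zip(url: str) -> bool:
    """Link target is a .zip by URL path (query strings are ignored)."""
    return urlparse(url).path.lower().endswith(".zip")


def archive_carries_dmg(archive: LinkedArchive) -> bool:
    """Encrypted ZIP whose members include a macOS disk image."""
    return archive.encrypted and any(m.lower().endswith(".dmg") for m in archive.members)


def matches_rule(msg: Message) -> bool:
    """True when the message shows the encrypted-ZIP-with-DMG delivery pattern."""
    # Highly trusted senders are exempt only while their mail passes DMARC;
    # a DMARC failure removes the exemption (possible spoofing of the domain).
    if msg.sender_domain.lower() in HIGHLY_TRUSTED_DOMAINS and msg.dmarc_pass:
        return False
    # Sender-profile gate: established correspondents are not flagged here.
    if not msg.first_time_sender:
        return False
    return any(links_to_zip(a.url) and archive_carries_dmg(a) for a in msg.links)
```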
Categories
- macOS
- Cloud
- Other
Data Sources
- Web Credential
- User Account
- Application Log
Created: 2023-11-30