MalwareBazaar: Malicious attachment hash in archive (trusted reporters)

Sublime Rules

Summary
This rule inspects incoming archive attachments and extracts the files they contain, flagging the message when any contained file's SHA256 hash matches a sample that a trusted reporter has submitted to MalwareBazaar as malware. It limits its scope to unsolicited or suspicious senders: the sender profile is checked so that established senders with a clean history are excluded, which keeps false positives down, while senders that are new or that have previously sent malicious or spam mail remain in scope. The rule combines archive and file analysis, sender-profile evaluation and the MalwareBazaar threat-intelligence feed, and applies only to attachments with common archive file extensions. Severity is set to high, since a known malware hash inside an archive from an untrusted sender is a strong indication of an active malware-delivery attempt.
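The logic above, as an added Python sketch that is not the Sublime rule itself (the real rule is written in Sublime's query language and uses Sublime's MalwareBazaar enrichment). The archive, the sender profiles and the MalwareBazaar lookup table are all constructed in memory so the example runs offline; the archive extension list, the reporter allow-list and the sender-profile fields are assumptions chosen to mirror the summary, not values taken from the rule.

```python
import hashlib
import io
import zipfile

# Assumed archive extension list (the rule's actual list is not shown on this page).
ARCHIVE_EXTENSIONS = {"zip", "7z", "rar", "tar", "gz", "iso"}
# Assumed reporter allow-list standing in for MalwareBazaar's "trusted reporter" notion.
TRUSTED_REPORTERS = {"abuse_ch"}
# Guard against decompression bombs: skip members that would expand past this size.
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def archive_member_hashes(archive_bytes: bytes) -> dict:
    """Map member name -> SHA256 for every regular file in a zip archive.

    Only zip is parsed here; rar/7z would need extra libraries. Encrypted
    members and oversized members are skipped because they cannot be hashed.
    """
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                hashes[info.filename] = sha256_hex(zf.read(info))
            except RuntimeError:  # password-protected member
                continue
    return hashes


def sender_is_suspicious(profile: dict) -> bool:
    """Sender-profile gate mirroring the summary: never-seen senders, or known
    senders with prior malicious or spam mail, are in scope; established clean
    senders are not (this is the false-positive control)."""
    return profile["prevalence"] == "new" or profile["malicious"] or profile["spam"]


def trusted_malwarebazaar_hit(digest: str, lookup: dict) -> bool:
    """True only if the hash is known AND was submitted by a trusted reporter."""
    entry = lookup.get(digest)
    return entry is not None and entry["reporter"] in TRUSTED_REPORTERS


def evaluate(message: dict, lookup: dict) -> list:
    """Return (attachment, member, sha256) for each trusted-reporter match."""
    if not sender_is_suspicious(message["sender_profile"]):
        return []
    hits = []
    for att in message["attachments"]:
        ext = att["name"].rsplit(".", 1)[-1].lower()
        if ext not in ARCHIVE_EXTENSIONS:
            continue
        try:
            members = archive_member_hashes(att["content"])
        except zipfile.BadZipFile:
            continue  # not a zip, or a format this sketch does not parse
        for member, digest in members.items():
            if trusted_malwarebazaar_hit(digest, lookup):
                hits.append((att["name"], member, digest))
    return hits


def build_sample_zip() -> bytes:
    """Constructed archive holding two inert placeholder files (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"MZ placeholder - constructed sample A")
        zf.writestr("readme.txt", b"constructed benign text")
    return buf.getvalue()


def build_sample_lookup(archive_bytes: bytes) -> dict:
    """Constructed stand-in for a MalwareBazaar query result: sha256 -> reporter."""
    hashes = archive_member_hashes(archive_bytes)
    return {
        hashes["invoice.exe"]: {"reporter": "abuse_ch"},   # trusted reporter: counts
        hashes["readme.txt"]: {"reporter": "anonymous"},   # untrusted reporter: ignored
    }


def run_demo() -> dict:
    """Run the same archive past a new sender and an established clean sender."""
    archive = build_sample_zip()
    lookup = build_sample_lookup(archive)
    attachments = [{"name": "invoice.zip", "content": archive}]
    new_sender = {"sender_profile": {"prevalence": "new", "malicious": False, "spam": False},
                  "attachments": attachments}
    known_clean = {"sender_profile": {"prevalence": "common", "malicious": False, "spam": False},
                   "attachments": attachments}
    return {"new_sender": evaluate(new_sender, lookup),
            "known_clean_sender": evaluate(known_clean, lookup)}


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind when reasoning about this rule: a password-protected archive cannot be hashed at the member level, so hash-based matching never fires on it and a separate rule is needed for that pattern; and the same archive is a hit or a miss purely on the sender gate, so the sender-profile data has to be trustworthy for the false-positive control to be sound.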
Categories
  • Endpoint
  • Cloud
  • Infrastructure
Data Sources
  • File
  • Process
  • Network Traffic
  • Application Log
Created: 2023-12-20