
Link to auto-downloaded file with Adobe branding

Sublime Rules

Summary
This detection rule flags emails containing links that lead to files auto-downloaded from sites using Adobe branding, a tactic associated with the Qakbot malware. It evaluates each link in the email body to check whether visiting it downloads a file, verifies with high confidence that the landing page carries Adobe branding, and searches the message for the coercive text typically used by Qakbot lures to pressure the recipient into executing the downloaded file. The rule raises high-severity alerts and takes sender reputation into account, checking whether the sender is unsolicited or has a history of malicious behaviour, so as to limit false positives. By combining file analysis, sender analysis and visual content recognition, it aims to stop the spread of malware through phishing that impersonates a trusted brand, adding a layer of defence against lures that rely on familiar brand imagery.
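As an added example (not the rule's own MQL, which this page does not show), the following Python models the three conditions the summary describes, run over constructed sample messages; the LinkAnalysis fields, the coercion patterns, the sender lists and all domains are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class LinkAnalysis:
    """Constructed stand-in for what a link-analysis enrichment would return."""
    url: str
    files_downloaded: List[str]   # files auto-downloaded when the link was visited
    brand: Optional[str]          # brand detected on the landing page, if any
    brand_confidence: str         # "low", "medium" or "high"

@dataclass
class Message:
    sender_domain: str
    body_text: str
    links: List[LinkAnalysis]

# Coercive phrasing of the kind the summary attributes to Qakbot lures (constructed patterns).
COERCION = re.compile(
    r"\b(open|run|execute|unzip)\s+(the\s+)?(attached|downloaded|enclosed)\s+(file|document|archive)\b",
    re.IGNORECASE,
)

def sender_is_suspicious(domain: str, known: set, malicious: set) -> bool:
    """Unsolicited (never seen before) or previously malicious sender."""
    return domain in malicious or domain not in known

def matches_rule(msg: Message, known: set, malicious: set) -> bool:
    """All three must hold: Adobe-branded auto-download, coercive text, suspicious sender."""
    adobe_download = any(
        link.files_downloaded and link.brand == "Adobe" and link.brand_confidence == "high"
        for link in msg.links
    )
    coercive = COERCION.search(msg.body_text) is not None
    return adobe_download and coercive and sender_is_suspicious(msg.sender_domain, known, malicious)

# Constructed sample data (domains are placeholders, not real indicators).
KNOWN_SENDERS = {"partner.example"}
MALICIOUS_SENDERS = {"badactor.example"}
LURE = Message(
    sender_domain="unknown-sender.example",
    body_text="Your document is ready. Please open the downloaded file to view the agreement.",
    links=[LinkAnalysis("https://lure.example/doc", ["Agreement_1207.zip"], "Adobe", "high")],
)
NEWSLETTER = Message(  # benign: Adobe branding, but nothing downloads and the sender is known
    sender_domain="partner.example",
    body_text="Read the latest Adobe news in this month's update.",
    links=[LinkAnalysis("https://partner.example/news", [], "Adobe", "high")],
)
```

The benign newsletter shows why all three conditions are required: brand detection alone would fire on legitimate Adobe mail.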
Categories
  • Endpoint
  • Web
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Network Traffic
  • Process
  • File
  • Application Log
Created: 2022-12-07