
Summary
This detection rule identifies messages that contain links to free file hosting services and are sent to undisclosed recipients, or to recipients who appear only in the CC/BCC fields. That pattern can indicate malicious activity such as the mass distribution of harmful content through file sharing platforms. The rule applies several checks to the message body and headers to judge whether the distribution is legitimate: it verifies that the message is not part of an existing thread, checks that the body contains only a limited number of links, and ensures that the recipient fields do not expose a known recipient list. It then verifies that the links point to free file hosting domains or specific subdomains of them, and applies further checks to exclude false positives from benign threads and list mailers. Finally, it looks for unsolicited distribution patterns and examines authentication headers such as DMARC to confirm whether the sender is authorized. The attack types associated with this rule are primarily credential phishing and the distribution of malware or ransomware, reflecting a focus on threats that exploit recipients directly through deceptive means.
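The following Python is an added illustration of the checks the summary describes, run over a handful of constructed sample messages; it is not the rule's own code or the detection platform's query language. The free file host list, the trusted sender domains, the link-count threshold and the sample messages are all assumptions made for the example, and the DMARC handling (a DMARC-authenticated sender from a trusted domain suppresses the match) is one plausible reading of "confirm whether the sender is authorized".

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

# Placeholder free file-hosting domains (assumption: a real deployment would
# load a curated list; these names are constructed for the example).
FREE_FILE_HOSTS = {"freefiles.example", "quickshare.example"}

# Sender domains whose DMARC-authenticated mail is treated as authorised
# (assumption, constructed for the example).
TRUSTED_SENDER_DOMAINS = {"corp.example"}

# "Limited links": the summary gives no number, so this threshold is assumed.
MAX_LINKS = 3

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


@dataclass
class Message:
    """Minimal view of the headers and body the rule reasons about."""
    sender: str
    to: list[str]
    cc: list[str] = field(default_factory=list)
    bcc: list[str] = field(default_factory=list)
    body: str = ""
    in_reply_to: Optional[str] = None   # set on replies within an existing thread
    list_id: Optional[str] = None       # set by list mailers
    dmarc_pass: bool = False            # taken from Authentication-Results


def link_hosts(body: str) -> list[str]:
    """Return the host of every http(s) link in the body, lower-cased."""
    return [h.lower().rstrip(".") for h in URL_RE.findall(body)]


def is_free_file_host(host: str) -> bool:
    """True if host is a listed free file host or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in FREE_FILE_HOSTS)


def recipients_undisclosed(msg: Message) -> bool:
    """True when no real recipient is visible in To: the field is empty
    (recipients only in CC/BCC), holds an 'undisclosed recipients'
    placeholder, or lists only the sender."""
    visible = [r.lower() for r in msg.to]
    if not visible:
        return True
    return all("undisclosed" in r or msg.sender.lower() in r for r in visible)


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def evaluate(msg: Message) -> tuple[bool, list[str]]:
    """Apply the rule; returns (matched, reasons). Each negation check from
    the summary short-circuits with matched == False."""
    if msg.in_reply_to:
        return False, ["part of an existing thread"]
    if msg.list_id:
        return False, ["list mailer"]
    hosts = link_hosts(msg.body)
    if not hosts or len(hosts) > MAX_LINKS:
        return False, ["no links or too many links"]
    file_hosts = [h for h in hosts if is_free_file_host(h)]
    if not file_hosts:
        return False, ["no free file host link"]
    if not recipients_undisclosed(msg):
        return False, ["recipients disclosed"]
    if msg.dmarc_pass and sender_domain(msg.sender) in TRUSTED_SENDER_DOMAINS:
        return False, ["DMARC-authenticated trusted sender"]
    reasons = [f"free file host link: {h}" for h in file_hosts]
    reasons.append("recipients undisclosed or CC/BCC only")
    if not msg.dmarc_pass:
        reasons.append("DMARC not passed")
    return True, reasons


# Constructed sample messages (not real mail); each exercises one branch.
SAMPLES = {
    "mass_mailout": Message(sender="promo@mail.example.org",
                            to=["undisclosed-recipients:;"],
                            body="Your document: https://dl.freefiles.example/f/abc123"),
    "cc_only": Message(sender="someone@mail.example.org", to=[],
                       cc=["a@corp.example", "b@corp.example"],
                       body="See https://quickshare.example/x"),
    "thread_reply": Message(sender="colleague@partner.example",
                            to=["undisclosed-recipients:;"],
                            body="https://quickshare.example/x",
                            in_reply_to="<msg1@partner.example>"),
    "disclosed": Message(sender="colleague@partner.example", to=["alice@corp.example"],
                         body="https://quickshare.example/x"),
    "not_file_host": Message(sender="promo@mail.example.org",
                             to=["undisclosed-recipients:;"],
                             body="https://www.example.org/news"),
    "trusted_internal": Message(sender="it@corp.example", to=[], cc=["all@corp.example"],
                                body="https://quickshare.example/x", dmarc_pass=True),
}


def run_samples() -> dict[str, bool]:
    """Evaluate every sample and report which ones the rule matches."""
    return {name: evaluate(m)[0] for name, m in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        matched, reasons = evaluate(msg)
        print(f"{name:18} matched={matched} {reasons}")
```

Only the first two samples match: an undisclosed-recipient mailout and a CC-only message, each carrying a single free file host link. The thread reply, the message with a visible recipient, the message linking to an ordinary site and the DMARC-authenticated internal sender are all suppressed by the corresponding negation check, which is where the false-positive handling described in the summary lives.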
Categories
- Web
- Cloud
- Endpoint
Data Sources
- Network Traffic
- Application Log
- User Account
Created: 2025-08-08