Malware: Pikabot delivery via URL auto-download

Sublime Rules

Summary
This detection rule targets the delivery mechanism of Pikabot malware: malicious URL links in email. It looks for URLs that have been reported by URLhaus and for URLs that download compressed files containing suspicious JavaScript files. Specifically, if any link in the message body matches a recognized Pikabot URL structure, or points to a domain known for malware delivery that is not one of the trusted domains `drive.google.com` and `github.com`, the rule flags the message as malicious. Links that download archives are additionally analyzed for the presence of JavaScript files or for file hashes matching known malware datasets. The rule also applies sender domain analysis: messages from high-trust sender domains are excluded unless those domains fail DMARC authentication checks. It also does not flag unsolicited sender profiles unless they have previously been identified as malicious or spam. This multi-faceted approach aims to improve detection accuracy against Pikabot malware and to keep up with new and evolving delivery variants.
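The decision logic described in the summary, modeled in Python as an added example (not the Sublime rule itself, which is written in Sublime's own query language). The Pikabot URL regex, the URLhaus domain set, the high-trust sender list and the malware hash set are constructed placeholders, not real indicators; only the two trusted link domains come from the summary.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders (hypothetical, not the rule's real indicators):
PIKABOT_URL_RE = re.compile(r"^https?://[^/]+/[A-Za-z0-9]{8}/?$")
URLHAUS_DOMAINS = {"malware-host.example"}      # stand-in for the URLhaus feed
HIGH_TRUST_SENDER_DOMAINS = {"trusted-partner.example"}
KNOWN_MALWARE_HASHES = {"deadbeef"}             # stand-in for a hash dataset
TRUSTED_LINK_DOMAINS = {"drive.google.com", "github.com"}  # named by the rule

@dataclass
class Link:
    url: str
    archive_files: Optional[list] = None   # file names inside a downloaded archive
    archive_hash: Optional[str] = None     # hash of the downloaded archive
@dataclass
class Message:
    sender_domain: str
    links: list
    dmarc_pass: bool = True
    unsolicited: bool = False
    sender_previously_malicious: bool = False

def domain_of(url: str) -> str:
    return re.sub(r"^https?://", "", url).split("/")[0].lower()

def link_is_suspicious(link: Link) -> bool:
    if PIKABOT_URL_RE.match(link.url):
        return True
    d = domain_of(link.url)
    if d in URLHAUS_DOMAINS and d not in TRUSTED_LINK_DOMAINS:
        return True
    if link.archive_files is not None:
        if any(f.lower().endswith(".js") for f in link.archive_files):
            return True
        if link.archive_hash in KNOWN_MALWARE_HASHES:
            return True
    return False

def flags_pikabot(msg: Message) -> bool:
    if not any(link_is_suspicious(l) for l in msg.links):
        return False
    # High-trust sender domains are exempt unless DMARC fails
    if msg.sender_domain in HIGH_TRUST_SENDER_DOMAINS and msg.dmarc_pass:
        return False
    # Unsolicited senders are exempt unless previously flagged malicious/spam
    if msg.unsolicited and not msg.sender_previously_malicious:
        return False
    return True
```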
Categories
  • Web
  • Endpoint
  • Cloud
  • Network
Data Sources
  • Web Credential
  • Network Traffic
  • File
  • Malware Repository
  • Cloud Service
Created: 2023-12-19