
Summary
This detection rule identifies encrypted Microsoft Access database files (.accdb) received from untrusted sources, or from trusted domains whose messages fail DMARC authentication. It analyzes inbound emails and checks their attachments for criteria indicative of potentially malicious content. First, it decides whether an attachment is an Access database by comparing the file name, content type, or sniffed file type against known Microsoft Access identifiers. It then uses YARA to scan the file's contents for a specific signature that matches encrypted Access databases. A negating condition exempts high-trust sender domains unless the message fails DMARC, which filters out legitimate communications while still catching messages that only claim to come from a trusted domain. Matching emails are flagged for further investigation, because encrypted database attachments are associated with malware and ransomware campaigns that rely on encryption to evade content inspection.
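The decision logic described above, written out as an added Python example that is not the rule's own source. The YARA signature the rule relies on is not reproduced on this page, so the YARA result is modelled as a set of matched rule names carried on each attachment, with the constructed name `encrypted_access_db` standing in for it; the MIME type strings, the high-trust domain list, the DMARC result values and all field names are assumptions chosen for the example. The constructed samples cover the edge cases the rule text cares about: a renamed file that only the sniffed type and YARA still identify, an unencrypted Access file, and a high-trust domain with and without a DMARC failure.

```python
"""Decision logic of the encrypted-Access-attachment rule (added example, not
the rule's own source). The real YARA signature is not on the page, so the
YARA result is modelled as a set of matched rule names; the constructed name
"encrypted_access_db" stands in for it. MIME type strings, the high-trust
domain list and all field names are assumptions made for this example."""
from dataclasses import dataclass, field
from typing import List, Set

# Identifiers the rule compares against; the MIME type names are assumptions.
ACCESS_EXTENSIONS = (".accdb",)
ACCESS_CONTENT_TYPES = {"application/msaccess", "application/x-msaccess"}
ACCESS_FILE_TYPES = {"accdb"}

# Constructed stand-in for the rule's high-trust sender domain list.
HIGH_TRUST_DOMAINS = {"partner.example", "corp.example"}

# Constructed name standing in for the rule's encrypted-Access YARA signature.
ENCRYPTED_ACCESS_YARA = "encrypted_access_db"


@dataclass
class Attachment:
    file_name: str
    content_type: str               # MIME type declared in the message
    file_type: str                  # type the gateway sniffed from the bytes
    yara_matches: Set[str] = field(default_factory=set)


@dataclass
class Message:
    sender_domain: str
    dmarc_result: str               # "pass", "fail" or "none" (constructed)
    attachments: List[Attachment] = field(default_factory=list)


def is_access_db(att: Attachment) -> bool:
    """File name OR declared content type OR sniffed type says Access database,
    so a renamed or mislabelled file is still caught while any one signal remains."""
    return (att.file_name.lower().endswith(ACCESS_EXTENSIONS)
            or att.content_type.lower() in ACCESS_CONTENT_TYPES
            or att.file_type.lower() in ACCESS_FILE_TYPES)


def is_encrypted_access(att: Attachment) -> bool:
    """The rule also requires the encrypted-database YARA signature to fire."""
    return ENCRYPTED_ACCESS_YARA in att.yara_matches


def sender_is_trusted(msg: Message) -> bool:
    """High-trust domains are exempt only while DMARC passes; on a DMARC failure
    the From domain is unproven, so the exemption is withdrawn."""
    return (msg.sender_domain.lower() in HIGH_TRUST_DOMAINS
            and msg.dmarc_result == "pass")


def matches_rule(msg: Message) -> bool:
    """True when the message should be flagged for investigation."""
    if sender_is_trusted(msg):
        return False
    return any(is_access_db(a) and is_encrypted_access(a) for a in msg.attachments)


def detect(messages: List[Message]) -> List[int]:
    """Indices of the messages the rule would flag."""
    return [i for i, m in enumerate(messages) if matches_rule(m)]


# Constructed sample inbound messages.
SAMPLES = [
    # 0: untrusted sender, encrypted .accdb -> flagged
    Message("unknown.example", "none", [
        Attachment("invoice.accdb", "application/octet-stream", "accdb",
                   {ENCRYPTED_ACCESS_YARA})]),
    # 1: extension and MIME type renamed, sniffed type + YARA still identify it -> flagged
    Message("unknown.example", "pass", [
        Attachment("report.pdf", "application/pdf", "accdb", {ENCRYPTED_ACCESS_YARA})]),
    # 2: Access file that is not encrypted -> not flagged
    Message("unknown.example", "none", [
        Attachment("data.accdb", "application/msaccess", "accdb", set())]),
    # 3: high-trust domain, DMARC pass -> exempt
    Message("partner.example", "pass", [
        Attachment("db.accdb", "application/msaccess", "accdb", {ENCRYPTED_ACCESS_YARA})]),
    # 4: high-trust domain but DMARC fail -> exemption withdrawn, flagged
    Message("partner.example", "fail", [
        Attachment("db.accdb", "application/msaccess", "accdb", {ENCRYPTED_ACCESS_YARA})]),
]

if __name__ == "__main__":
    print("flagged message indices:", detect(SAMPLES))  # [0, 1, 4]
```

Keeping the identifier check as an OR across name, declared type and sniffed type is what makes sample 1 fire: a sender can rename the file and lie in the MIME header, but not change what the gateway's sniffer reads from the bytes. The trust exemption is deliberately tied to a DMARC pass rather than to the domain alone, so sample 4 is treated exactly like an untrusted sender.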
Categories
- Endpoint
- Web
- Cloud
Data Sources
- File
- Network Traffic
- Web Credential
Created: 2025-05-29