
Summary
This detection rule identifies brand impersonation targeting the file-sharing service ShareFile. It combines header, content, and sender analysis to detect phishing attempts, checking for multiple indicators: ShareFile-related keywords in the email body or subject line, the number and type of attachments, and a sender domain that is inconsistent with trusted domains. The rule particularly looks for patterns consistent with credential phishing, a common tactic threat actors use to trick victims into divulging sensitive information. By analyzing the message body for specific phrases associated with ShareFile and checking email headers, the rule aims to block malicious emails that impersonate legitimate ShareFile communications, enhancing security against phishing attacks.
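A sketch of how these indicators can be combined is shown below. It is an added example, not the rule's own logic. The trusted-domain list, the phrase patterns, the attachment cap, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for illustration; the rule's real lists are not on this page.
TRUSTED_DOMAINS = {"sharefile.com"}
BRAND = re.compile(r"share\s?file", re.I)
CRED_PHRASES = re.compile(r"sign in to (view|access)|verify your account", re.I)
MAX_ATTACHMENTS = 1

def is_trusted(domain):
    """Exact or true-subdomain match only, so look-alike suffixes fail."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def evaluate(raw):
    """Return (flagged, indicators) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = " ".join([name, str(msg.get("Subject", "")), body])
    checks = {
        "brand_reference": bool(BRAND.search(text)),              # content
        "credential_language": bool(CRED_PHRASES.search(body)),   # content
        "attachment_profile": len(list(msg.iter_attachments())) <= MAX_ATTACHMENTS,
        "untrusted_sender": not is_trusted(addr.rpartition("@")[2].lower()),
    }
    hits = [k for k, fired in checks.items() if fired]
    return len(hits) == len(checks), hits

def sample(sender):
    """Constructed test message; only the sender address varies."""
    return (
        f'From: "ShareFile Notifications" <{sender}>\n'
        "To: user@corp.example\n"
        "Subject: A document was shared with you via ShareFile\n"
        'Content-Type: text/plain; charset="utf-8"\n'
        "\n"
        "Sign in to view the secure document.\n"
    )

if __name__ == "__main__":
    for sender in ("noreply@files-secure.example", "noreply@mail.sharefile.com"):
        print(sender, evaluate(sample(sender)))
```

Requiring every indicator to fire keeps a genuine notification from a trusted subdomain out of the results even though its wording is identical to the impersonation.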
Categories
- Web
- Identity Management
- Endpoint
Data Sources
- User Account
- Web Credential
- Application Log
Created: 2024-10-01