
Summary
Technical summary: This rule detects inbound emails carrying a PDF attachment whose embedded content matches the YARA rule pdf_lure_image_blurry. That YARA rule identifies a deliberately blurred lure image, a visual used in credential phishing to hide the real content while prompting the recipient to sign in or "view the document". The detection logic has three conditions: the message is inbound, an attachment has file type PDF, and file analysis of that attachment yields a YARA match named pdf_lure_image_blurry. Detection methods are File analysis and YARA; the rule is categorized as Medium severity under the Credential Phishing attack type. On a hit, security teams should inspect or block the attachment, warn the recipient, and investigate the sender. Because the signature is keyed to the YARA rule name pdf_lure_image_blurry, detection is consistent across incidents that reuse the blurry-image lure, and its precision is only as good as that YARA rule.
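As an added illustration (not the rule page's or the detection platform's own code), the following Python models the rule's three conditions and runs them over constructed sample messages. The Message and Attachment shapes, the yara_matches field, and the content-based PDF check are assumptions made for this example; the real product's file analysis and YARA scanning are not reproduced, only the way their results are combined.

```python
"""
Added example: a platform-agnostic model of the rule's logic
(inbound AND attachment is a PDF AND YARA match named pdf_lure_image_blurry).
The message/attachment structure and the yara_matches field are assumed for
this example; a real platform exposes different objects and field names.
"""
from dataclasses import dataclass, field

YARA_RULE_NAME = "pdf_lure_image_blurry"  # rule name stated on the page


@dataclass
class Attachment:
    file_name: str
    content: bytes
    # Names of YARA rules that file analysis reported for this attachment.
    # Assumed field: stands in for whatever the platform's file scan returns.
    yara_matches: list[str] = field(default_factory=list)


@dataclass
class Message:
    direction: str  # "inbound" or "outbound"
    attachments: list[Attachment]


def is_pdf(att: Attachment) -> bool:
    """Type by content, not extension.

    A file renamed to .pdf that is really HTML must not count as a PDF, and a
    real PDF with a different extension still must. The PDF header "%PDF-" is
    required within the first 1024 bytes (readers tolerate leading junk).
    """
    return b"%PDF-" in att.content[:1024]


def matching_attachments(msg: Message) -> list[str]:
    """Return file names of attachments that satisfy the rule (empty = no alert)."""
    if msg.direction != "inbound":
        return []
    return [
        a.file_name
        for a in msg.attachments
        if is_pdf(a) and YARA_RULE_NAME in a.yara_matches
    ]


def rule_matches(msg: Message) -> bool:
    """True when at least one attachment satisfies all three conditions."""
    return bool(matching_attachments(msg))


# Constructed sample inputs (not real lure files).
LURE_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
HTML_DISGUISED_AS_PDF = b"<html><body>Sign in to view document</body></html>"

SAMPLES = {
    # All three conditions hold: alert.
    "hit": Message("inbound", [Attachment("Invoice.pdf", LURE_PDF, [YARA_RULE_NAME])]),
    # Same attachment, but outbound: rule is scoped to inbound mail.
    "outbound": Message("outbound", [Attachment("Invoice.pdf", LURE_PDF, [YARA_RULE_NAME])]),
    # A PDF that matched a different YARA rule: not this rule's signature.
    "other_yara": Message("inbound", [Attachment("Invoice.pdf", LURE_PDF, ["some_other_rule"])]),
    # .pdf name but HTML content: fails the content-based type check.
    "not_pdf": Message("inbound", [Attachment("Invoice.pdf", HTML_DISGUISED_AS_PDF, [YARA_RULE_NAME])]),
    # Benign PDF with no YARA matches.
    "clean": Message("inbound", [Attachment("Invoice.pdf", LURE_PDF, [])]),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        verdict = "ALERT" if rule_matches(msg) else "ok"
        print(f"{name:10s} -> {verdict} {matching_attachments(msg)}")
```

The point of the five samples is that only the conjunction fires: changing direction, the YARA rule name, or the real file type each clears the alert, which is what to check when tuning or porting this rule.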
Categories
- Endpoint
Data Sources
- File
Created: 2026-06-06