
Attachment: SVG Files With Evasion Elements

Sublime Rules

Summary
This rule flags inbound SVG (Scalable Vector Graphics) attachments that show patterns associated with phishing lures. It matches an SVG that contains circle elements together with an embedded image or QR code data, or an SVG whose filename references one of the message recipients. The rule only fires on messages carrying three or fewer attachments, and it suppresses matches from senders who have a prior interaction history with the recipient, which removes a common source of false positives. Circle elements matter because a QR code can be drawn as a grid of SVG shapes instead of an embedded bitmap: a scanner that only extracts and decodes raster images finds nothing, while the recipient's mail client still renders a scannable code. The detection logic therefore combines three checks: inspection of the SVG's XML tags, detection of QR code data, and matching of recipient names against the attachment filename, with the sender-history lookup applied as a final false-positive filter.
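The following Python script is an added illustration of the checks the summary describes; it is not the Sublime rule itself (which is written in Sublime's query language and is not reproduced on this page). It parses an SVG with the standard library, counts `circle` and `image` elements, applies a heuristic "QR drawn as circles" test (uniform radius, centres snapping to a grid of at least 21 by 21 positions, which is an assumption about how such lures are built), matches the attachment filename against recipient local parts, and enforces the attachment-count limit and sender-history suppression. The `sender_has_history` flag, the thresholds and the sample SVGs are all constructed for the example.

```python
"""Heuristic approximation of the SVG evasion rule (added example, not Sublime's own logic)."""
import re
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
QR_MIN_MODULES = 21   # assumption: a version-1 QR code is 21x21 modules
QR_MIN_CIRCLES = 100  # assumption: far more dark modules than any logo would use
MAX_ATTACHMENTS = 3   # the rule's stated attachment limit


def _local(tag):
    """Strip the XML namespace so {http://www.w3.org/2000/svg}circle becomes circle."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


@dataclass
class SvgFeatures:
    circles: int = 0
    images: int = 0
    data_uri_image: bool = False
    qr_like: bool = False


def _grid_step(values):
    """Most common gap between distinct coordinates; 0 when there is no grid."""
    vals = sorted(set(values))
    diffs = Counter(round(b - a, 3) for a, b in zip(vals, vals[1:]) if b > a)
    return diffs.most_common(1)[0][0] if diffs else 0


def _looks_like_qr(centers, radii):
    """Many equal-radius circles whose centres fall on one regular grid in both axes."""
    if len(centers) < QR_MIN_CIRCLES:
        return False
    _, share = Counter(radii).most_common(1)[0]
    if share < 0.9 * len(radii):
        return False
    xs = [x for x, _ in centers]
    ys = [y for _, y in centers]
    step_x, step_y = _grid_step(xs), _grid_step(ys)
    if not step_x or abs(step_x - step_y) > 1e-6:
        return False
    return len(set(xs)) >= QR_MIN_MODULES and len(set(ys)) >= QR_MIN_MODULES


def analyze_svg(data: bytes) -> SvgFeatures:
    """Walk the SVG tree and collect the tag-level signals the rule looks at."""
    feats, centers, radii = SvgFeatures(), [], []
    for el in ET.fromstring(data).iter():
        name = _local(el.tag)
        if name == "circle":
            feats.circles += 1
            try:
                centers.append((float(el.get("cx", "0")), float(el.get("cy", "0"))))
                radii.append(float(el.get("r", "0")))
            except ValueError:
                pass  # malformed coordinates still count as a circle, not as grid data
        elif name == "image":
            feats.images += 1
            href = el.get("href") or el.get(XLINK_HREF) or ""
            feats.data_uri_image |= href.startswith("data:image")
    feats.qr_like = _looks_like_qr(centers, radii)
    return feats


def filename_matches_recipient(filename, recipients):
    """True when the filename stem contains a recipient's local part or a name token of it."""
    stem = filename.rsplit(".", 1)[0].lower()
    tokens = set(re.split(r"[^a-z0-9]+", stem)) - {""}
    for addr in recipients:
        local = addr.split("@", 1)[0].lower()
        if local in stem:
            return True
        if any(len(p) >= 3 and p in tokens for p in re.split(r"[._-]+", local)):
            return True
    return False


@dataclass
class Attachment:
    filename: str
    content: bytes


@dataclass
class Message:
    sender: str
    recipients: list
    attachments: list
    sender_has_history: bool  # assumption: stands in for the rule's prior-interaction lookup


def evaluate(msg: Message):
    """Return the reasons the message would match, or [] when the rule stays quiet."""
    if len(msg.attachments) > MAX_ATTACHMENTS or msg.sender_has_history:
        return []
    reasons = []
    for att in msg.attachments:
        if not att.filename.lower().endswith(".svg"):
            continue
        try:
            f = analyze_svg(att.content)
        except ET.ParseError:
            continue  # unparseable SVG is out of scope for this rule
        if f.circles and (f.images or f.data_uri_image or f.qr_like):
            reasons.append(f"{att.filename}: circles combined with embedded image or QR-like grid")
        if filename_matches_recipient(att.filename, msg.recipients):
            reasons.append(f"{att.filename}: filename references a recipient")
    return reasons


def make_qr_like_svg(modules=21, step=10.0):
    """Constructed sample: a deterministic dark/light pattern drawn as one circle per module."""
    cells = [f'<circle cx="{(c + 0.5) * step}" cy="{(r + 0.5) * step}" r="{step / 2.5}"/>'
             for r in range(modules) for c in range(modules) if (r * c + r + c) % 3]
    return (f'<svg xmlns="http://www.w3.org/2000/svg" width="{modules * step}" '
            f'height="{modules * step}">' + "".join(cells) + "</svg>").encode()


QR_SVG = make_qr_like_svg()
LOGO_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="10" cy="10" r="8"/>'
            b'<circle cx="30" cy="10" r="8"/></svg>')  # constructed benign logo
PHISH = Message("billing@unknown.example", ["jane.doe@example.com"],
                [Attachment("Jane_Doe_Voicemail.svg", QR_SVG)], sender_has_history=False)
BENIGN = Message("design@example.org", ["jane.doe@example.com"],
                 [Attachment("logo.svg", LOGO_SVG)], sender_has_history=False)
KNOWN_SENDER = Message("partner@example.net", ["jane.doe@example.com"],
                       [Attachment("Jane_Doe_Voicemail.svg", QR_SVG)], sender_has_history=True)

if __name__ == "__main__":
    for label, m in (("phish", PHISH), ("benign", BENIGN), ("known sender", KNOWN_SENDER)):
        print(label, evaluate(m))
```

The grid test is deliberately strict (uniform radius, one spacing in both axes); a real rule would also look at `rect` and `path` based module drawings and at `image` payloads that decode to a QR code, but the structure above shows where each of the summary's conditions lands and why the sender-history check short-circuits everything else.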
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • File
  • Image
  • User Account
Created: 2025-02-21