
Attachment: JPEG with gd-jpeg creator and suspicious file name

Summary
Detects inbound messages containing a single JPEG attachment that matches a specific filename pattern and carries EXIF metadata indicating creation by 'CREATOR: gd-jpeg v1.0'. The rule requires exactly one attachment with file_type 'jpg' and file_extension 'jpeg', where the file_name includes 'images' and either has exactly one '/' path separator or contains 'image' twice (implying a logo-like naming pattern). It then parses the EXIF data (beta.parse_exif) and checks for a Comment field whose value starts with 'CREATOR: gd-jpeg v1.0'. If matched, the detection flags a high-severity event associated with credential phishing, using an evasion-related technique. Detection methods used are File analysis and Exif analysis. This pattern has been observed in phishing campaigns where attackers generate company logos for use in messages. Potential false positives may occur with legitimate assets; consider expanding EXIF coverage or filename pattern variants to reduce noise.
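The same logic outside the Sublime engine, as an added example that is not the rule's own code: instead of beta.parse_exif it walks the JPEG marker segments directly and reads the COM segment, which is where the gd library writes its creator string and what EXIF tools surface as the Comment field. The attachment dictionary shape and the sample JPEG bytes are constructed here for illustration.

```python
import struct

GD_CREATOR_PREFIX = b"CREATOR: gd-jpeg v1.0"

def jpeg_comments(data: bytes) -> list:
    """Walk the JPEG marker segments and return every COM (0xFFFE) payload.
    Stops at SOS or EOI, since entropy-coded data follows and holds no metadata."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG (missing SOI)")
    comments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):            # EOI or SOS: metadata segments end here
            break
        if marker == 0xFF:                    # fill byte, keep scanning
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # standalone markers, no length
            pos += 2
            continue
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xFE:
            comments.append(data[pos + 4:pos + 2 + seg_len])
        pos += 2 + seg_len
    return comments

def suspicious_logo_name(file_name: str) -> bool:
    """Filename heuristic from the summary: contains 'images' and either exactly
    one '/' separator or the substring 'image' twice (logo-like naming)."""
    return "images" in file_name and (
        file_name.count("/") == 1 or file_name.count("image") == 2)

def matches_rule(attachments: list) -> bool:
    """Exactly one jpg/jpeg attachment with a logo-like name whose JPEG comment
    starts with the gd-jpeg creator string. Attachments are constructed dicts."""
    if len(attachments) != 1:
        return False
    a = attachments[0]
    if a["file_type"] != "jpg" or a["file_extension"] != "jpeg":
        return False
    if not suspicious_logo_name(a["file_name"]):
        return False
    return any(c.startswith(GD_CREATOR_PREFIX) for c in jpeg_comments(a["content"]))

def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: SOI, a JFIF APP0 header, optionally gd's comment, then EOI.
_APP0 = _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
SAMPLE_GD_JPEG = (b"\xff\xd8" + _APP0
    + _segment(0xFE, b"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90")
    + b"\xff\xd9")
SAMPLE_CLEAN_JPEG = b"\xff\xd8" + _APP0 + b"\xff\xd9"
```

Real samples would need the same comment check applied to any additional COM segments a sender may prepend, which this parser already collects in order.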
Categories
  • Endpoint
Data Sources
  • File
Created: 2026-06-13