
Summary
This rule is designed to identify and mitigate HTML smuggling hidden inside calendar invite files (.ics). It scans inbound content for files associated with calendar invitations, specifically those with the text/calendar MIME type or the .ics file extension, and inspects the strings exploded from those files with regex matching, looking for the JavaScript functions 'eval' and 'atob' used together, a combination that suggests an attempt to decode and execute smuggled HTML content. Because the associated attack types are Credential Phishing and Malware/Ransomware, the rule carries a high severity level. It combines file, HTML, and JavaScript analysis to improve accuracy and provide coverage against emerging threats delivered through calendar invites.
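As an added illustration of the detection logic described above (example code written for this page, not the rule's own implementation), the following Python approximates the file selection and the eval/atob string match over constructed sample invites. It unfolds RFC 5545 continuation lines before matching, since a line fold can split the tokens the regex looks for; the sample invites, the regex and the function names are assumptions.

```python
import re
from typing import List

# Constructed sample inputs (not from the original page): one benign invite and
# one whose HTML description carries eval(atob(...)), the pattern the rule keys
# on. The base64 here simply decodes to the word "constructed".
BENIGN_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
SUMMARY:Quarterly review
DESCRIPTION:Agenda attached. Please confirm attendance.
END:VEVENT
END:VCALENDAR
"""

# The HTML description is folded across two lines (continuation starts with a
# space), so "atob" is split and a naive per-raw-line match would miss it.
SUSPICIOUS_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
SUMMARY:Invoice
X-ALT-DESC;FMTTYPE=text/html:<html><body><script>eval(ato
 b('Y29uc3RydWN0ZWQ='))</script></body></html>
END:VEVENT
END:VCALENDAR
"""

# eval and atob appearing together on one unfolded line, in either order.
EVAL_ATOB = re.compile(r"eval\s*\(.*?atob\s*\(|atob\s*\(.*?eval\s*\(", re.IGNORECASE)


def is_calendar_file(filename: str, content_type: str) -> bool:
    """Mirror the rule's file selection: text/calendar MIME type or .ics extension."""
    return content_type.lower() == "text/calendar" or filename.lower().endswith(".ics")


def unfold_ics(text: str) -> List[str]:
    """Undo RFC 5545 line folding: a line beginning with a space or tab continues
    the previous line. Return the logical (unfolded) lines."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_eval_atob(text: str) -> List[str]:
    """Return the unfolded lines in which eval and atob are used together."""
    return [line for line in unfold_ics(text) if EVAL_ATOB.search(line)]


def scan_attachment(filename: str, content_type: str, text: str) -> bool:
    """True when the attachment is a calendar file containing the eval/atob pattern."""
    return is_calendar_file(filename, content_type) and bool(find_eval_atob(text))
```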
Categories
- Endpoint
- Web
- Cloud
Data Sources
- File
- Application Log
Created: 2025-06-04