
Summary
This detection rule identifies incoming messages that carry an iCalendar (ICS) attachment which in turn embeds a Scalable Vector Graphics (SVG) file capable of holding malicious JavaScript. It covers the several ways an attacker can get code to execute from an SVG. The rule first selects ICS files by the `.ics` extension or by a content type of `application/ics` or `text/calendar`. It then inspects every file embedded in the calendar invite, looking for SVG or SVGZ entries and confirming that they match the MIME type `image/svg+xml`. Within the SVG content it searches for indicators of script execution: event-driven handlers such as `onload` and `onerror`, redirects through `window.location.href`, and embedded `<script>` elements. It also checks for `atob`, `location.assign`, and `decodeURIComponent`, which are commonly used to obfuscate the malicious action inside the SVG. Using file and JavaScript analysis, the rule classifies matches as potential credential phishing or malware delivery, targeting tactics that execute scripts in ways designed to evade detection.
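The following is an added, stand-alone Python illustration of the detection logic the summary describes; it is not the rule's own code or the vendor's implementation. It parses a raw message, selects ICS parts by extension or content type, pulls inline binary `ATTACH` properties out of the calendar, decompresses SVGZ (gzip) entries before inspection, and reports which of the listed indicators appear in each SVG. The `X-FILENAME` attachment parameter, the sample invite, and the two SVG payloads are constructed for this example; `example.invalid` is a placeholder domain.

```python
import base64
import email
import gzip
import re
from email.message import EmailMessage

# Indicators named in the rule description; matched case-insensitively on the decoded SVG text.
SVG_INDICATORS = ["onload", "onerror", "<script", "window.location.href",
                  "location.assign", "atob", "decodeURIComponent"]
ICS_CONTENT_TYPES = {"application/ics", "text/calendar"}
SVG_MIME = "image/svg+xml"

def unfold_ics(text: str) -> str:
    """Undo RFC 5545 line folding (CRLF followed by a space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text)

def fold(line: str, width: int = 75) -> str:
    """RFC 5545 folding, used only to build a realistic constructed sample."""
    chunks = [line[:width]]
    rest = line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\r\n".join(chunks)

def is_ics_part(part) -> bool:
    """Rule condition: .ics extension or an iCalendar content type."""
    filename = (part.get_filename() or "").lower()
    return filename.endswith(".ics") or part.get_content_type().lower() in ICS_CONTENT_TYPES

def extract_inline_attachments(ics_text: str):
    """Yield (fmttype, filename, raw bytes) for every ATTACH property with inline binary data."""
    for line in unfold_ics(ics_text).splitlines():
        if not line.upper().startswith("ATTACH"):
            continue
        prop, _, value = line.partition(":")
        params = {}
        for p in prop.split(";")[1:]:
            key, _, val = p.partition("=")
            params[key.upper()] = val.strip('"')
        if params.get("VALUE", "").upper() != "BINARY":
            continue  # URI-style ATTACH carries no bytes to inspect
        data = base64.b64decode(value) if params.get("ENCODING", "").upper() == "BASE64" else value.encode()
        # X-FILENAME is a constructed convention for this sample, not a standard parameter.
        yield params.get("FMTTYPE", "").lower(), params.get("X-FILENAME", "").lower(), data

def svg_indicators(data: bytes) -> list:
    """Return the indicators present in an SVG, decompressing SVGZ (gzip) first."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    text = data.decode("utf-8", errors="ignore").lower()
    return [ind for ind in SVG_INDICATORS if ind.lower() in text]

def scan_message(raw: bytes) -> list:
    """Apply the rule logic to a raw RFC 822 message; one finding per flagged embedded SVG."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if not is_ics_part(part):
            continue
        ics_text = part.get_payload(decode=True).decode("utf-8", errors="ignore")
        for fmttype, fname, data in extract_inline_attachments(ics_text):
            if fmttype != SVG_MIME and not fname.endswith((".svg", ".svgz")):
                continue
            hits = svg_indicators(data)
            if hits:
                findings.append({"ics_part": part.get_filename(), "svg_name": fname, "indicators": hits})
    return findings

# Constructed samples (not real attachments): one benign SVG, one carrying an onload redirect.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SUSPICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                  b'onload="window.location.href=\'https://example.invalid/\'"></svg>')

def build_sample_message() -> bytes:
    """Constructed calendar invite whose .ics embeds three inline attachments."""
    def attach(name, data):
        return fold(f"ATTACH;FMTTYPE={SVG_MIME};ENCODING=BASE64;VALUE=BINARY;X-FILENAME={name}:"
                    + base64.b64encode(data).decode())
    ics = "\r\n".join(["BEGIN:VCALENDAR", "VERSION:2.0", "BEGIN:VEVENT", "SUMMARY:Quarterly review",
                       attach("logo.svg", BENIGN_SVG), attach("invite.svg", SUSPICIOUS_SVG),
                       attach("invite.svgz", gzip.compress(SUSPICIOUS_SVG)),
                       "END:VEVENT", "END:VCALENDAR", ""])
    msg = EmailMessage()
    msg["From"] = "organizer@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invitation: Quarterly review"
    msg.set_content("You have been invited to a meeting.")
    msg.add_attachment(ics.encode(), maintype="text", subtype="calendar", filename="invite.ics")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Running the block flags `invite.svg` and `invite.svgz` (both with `onload` and `window.location.href`) and leaves the benign logo alone. Two design points worth carrying into a real rule: unfold the iCalendar text before matching, since folding can split an `ATTACH` property or an indicator across lines, and decompress SVGZ before inspecting it, otherwise a substring check on gzip bytes never fires.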
Categories
- Web
- Endpoint
- Cloud
Data Sources
- File
- User Account
Created: 2026-01-30