
Summary
This detection rule identifies potentially malicious email attachments that contain high-risk Visual Basic for Applications (VBA) macros. Attackers routinely use unsolicited attachments to deliver malware or to perform unauthorized actions on a victim's system once the document is opened. The rule combines several conditions to establish risk. First, the attachment's file extension must either match a known macro-capable extension, or be unrecognized while the file is smaller than 100MB (the size bound keeps unrecognized but oversized files out of scope). Second, the attachment is analyzed with oletools (olevba), and the rule fires only when the extracted macro is rated 'high' risk. Third, the sender's profile must show either that the message is unsolicited, or that the sender has a history of malicious or spam messages with no recorded false positives. Requiring all three conditions keeps macro-bearing documents from known, solicited senders out of the alert stream while still catching the classic unsolicited-document lure, making the rule particularly valuable for preventing malware and ransomware infections that rely on macros in unsolicited documents.
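The following Python is an added illustration of the rule's logic, not the rule's own source or oletools code. It models the three conditions described above (extension or size scope, macro risk, sender profile) over a few constructed messages. The macro risk scorer is an assumption: a deliberately small keyword table standing in for olevba's much richer analysis (its full keyword list, IOC extraction, obfuscation and VBA-stomping checks), and the extension sets, the profile field names and the sample messages are likewise illustrative rather than taken from the rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Extensions treated as macro-capable Office formats (assumption: representative, not the rule's list)
MACRO_EXTENSIONS = {"doc", "dot", "docm", "dotm", "xls", "xlt", "xlsm", "xltm", "xlam",
                    "ppt", "pot", "pptm", "potm", "ppam"}
# Extensions the gateway recognises; anything else is "unrecognized" (assumption)
RECOGNIZED_EXTENSIONS = MACRO_EXTENSIONS | {"pdf", "docx", "xlsx", "pptx", "zip", "txt", "png", "jpg"}
SIZE_LIMIT = 100 * 1024 * 1024  # the rule's "less than 100MB" bound for unrecognized files

# Simplified stand-in for olevba's keyword analysis (assumption: olevba flags far more than this)
AUTOEXEC_RE = re.compile(r"\b(AutoOpen|Auto_Open|AutoExec|AutoClose|Document_Open|Workbook_Open)\b", re.I)
SUSPICIOUS_RE = re.compile(r"\b(Shell|CreateObject|WScript\.Shell|Environ|Kill|URLDownloadToFile|"
                           r"PowerShell|XMLHTTP|StrReverse|Chr)\b", re.I)


def macro_risk(vba_source: str) -> str:
    """Rate a VBA module 'high', 'medium' or 'low' (toy approximation of olevba's verdict)."""
    auto_exec = AUTOEXEC_RE.search(vba_source) is not None
    suspicious = {m.group(1).lower() for m in SUSPICIOUS_RE.finditer(vba_source)}
    if auto_exec and suspicious:
        return "high"      # runs on open AND reaches the shell, filesystem or network
    if auto_exec or suspicious:
        return "medium"
    return "low"


@dataclass
class Attachment:
    file_name: str
    size_bytes: int
    vba_source: Optional[str] = None   # None: no VBA project found in the file


@dataclass
class SenderProfile:
    prevalence: str                     # "new", "rare" or "common" (illustrative values)
    solicited: bool                     # recipient has previously mailed this sender
    any_messages_malicious_or_spam: bool
    any_false_positives: bool


@dataclass
class Message:
    message_id: str
    sender: str
    profile: SenderProfile
    attachments: List[Attachment]


def file_extension(name: str) -> str:
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def attachment_in_scope(att: Attachment) -> bool:
    """Condition 1: known macro extension, or unrecognized extension under the size bound."""
    ext = file_extension(att.file_name)
    if ext in MACRO_EXTENSIONS:
        return True
    return ext not in RECOGNIZED_EXTENSIONS and att.size_bytes < SIZE_LIMIT


def attachment_is_high_risk(att: Attachment) -> bool:
    """Condition 2: the in-scope attachment carries a macro rated 'high'."""
    return attachment_in_scope(att) and att.vba_source is not None \
        and macro_risk(att.vba_source) == "high"


def sender_condition(p: SenderProfile) -> bool:
    """Condition 3: unsolicited new sender, or bad history with no false positives."""
    unsolicited = p.prevalence == "new" and not p.solicited
    bad_history = p.any_messages_malicious_or_spam and not p.any_false_positives
    return unsolicited or bad_history


def matches_rule(msg: Message) -> bool:
    return any(attachment_is_high_risk(a) for a in msg.attachments) and sender_condition(msg.profile)


def run_rule(messages: List[Message]) -> List[str]:
    """Return the IDs of messages the rule would flag."""
    return [m.message_id for m in messages if matches_rule(m)]


# Constructed sample macros: one auto-executing downloader-style stub, one harmless formatter
MALICIOUS_VBA = """
Sub AutoOpen()
    Dim cmd As String
    cmd = "powershell -w hidden " & StrReverse("exe.clac")
    CreateObject("WScript.Shell").Run cmd, 0
End Sub
"""
BENIGN_VBA = """
Sub FormatReport()
    ActiveSheet.Range("A1").Font.Bold = True
End Sub
"""

# Constructed sample traffic covering each branch of the rule
SAMPLE_MESSAGES = [
    Message("m1", "invoice@example.net", SenderProfile("new", False, False, False),
            [Attachment("Invoice_4471.docm", 48_213, MALICIOUS_VBA)]),       # unsolicited + high
    Message("m2", "finance@partner.example", SenderProfile("common", True, False, False),
            [Attachment("Q3_macro_report.xlsm", 91_004, MALICIOUS_VBA)]),    # solicited, clean history
    Message("m3", "promo@mailer.example", SenderProfile("rare", False, True, False),
            [Attachment("offer.payload", 2_048, MALICIOUS_VBA)]),            # unknown ext + bad history
    Message("m4", "hr@newvendor.example", SenderProfile("new", False, False, False),
            [Attachment("timesheet.xlsm", 30_000, BENIGN_VBA)]),             # unsolicited but low risk
]

if __name__ == "__main__":
    print(run_rule(SAMPLE_MESSAGES))  # ['m1', 'm3']
```

Message m2 shows why the sender condition matters: the same high-risk macro from a solicited sender with no bad history is not flagged by this rule, so it relies on other controls; m4 shows that an unsolicited sender alone is not enough when the macro is benign.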
Categories
- Endpoint
- Web
- Cloud
- Application
Data Sources
- File
- Web Credential
- Malware Repository
Created: 2021-09-28