Attachment: Malformed OLE file

Sublime Rules

Summary
This detection rule identifies potentially malicious inbound emails carrying malformed OLE (Object Linking and Embedding) files, which are often embedded within Microsoft Office documents. Such files are likely crafted to bypass security scanners and filters that assume a well-formed document structure. The rule uses YARA (Yet Another Recursive Acronym) to scan attachments for signatures of malformed headers, which can indicate evasion techniques employed by threat actors. The detection first selects incoming attachments whose file extensions are associated with OLE formats, then runs the YARA rule 'MALFORMED_OLE_HEADER' against their contents. Attachments that match are flagged, strengthening the security posture against credential phishing and malware delivery attempts that use these files.
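The two-stage logic the summary describes (select attachments by OLE-style extension, then inspect the compound-file header) can be reproduced locally for testing or triage. The script below is an added example and is not Sublime's rule or its YARA source; the page does not show what MALFORMED_OLE_HEADER matches, so the header checks here are my own assumption, taken from the MS-CFB header layout (signature, byte-order mark, major version, sector shift, mini sector shift, mini stream cutoff). The extension list and the sample attachments are likewise constructed for the example.

```python
import struct

# Compound File Binary (OLE) signature, first 8 bytes of the file.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Assumed set of extensions to inspect; the rule page does not list them.
OLE_EXTENSIONS = {"doc", "dot", "xls", "xlt", "ppt", "pot", "msi", "msg"}


def build_ole_header(major=3, byte_order=0xFFFE, sector_shift=9,
                     mini_shift=6, mini_cutoff=0x1000):
    """Construct a 512-byte CFB header (sample data, not a real document)."""
    hdr = bytearray(512)
    hdr[0:8] = OLE_MAGIC
    # Offset 24: minor version, major version, byte order, sector shift, mini shift.
    struct.pack_into("<HHHHH", hdr, 24, 0x3E, major, byte_order, sector_shift, mini_shift)
    struct.pack_into("<I", hdr, 44, 1)            # number of FAT sectors
    struct.pack_into("<I", hdr, 48, 1)            # first directory sector
    struct.pack_into("<I", hdr, 56, mini_cutoff)  # mini stream cutoff size
    struct.pack_into("<I", hdr, 76, 0)            # DIFAT[0] -> FAT sector 0
    hdr[80:512] = b"\xff" * 432                   # remaining DIFAT entries free
    return bytes(hdr)


def ole_header_problems(data):
    """Return a list of internal inconsistencies in a CFB header.

    An empty list means the header fields agree with MS-CFB. This is an
    assumed approximation of what a 'malformed header' signature looks for.
    """
    if len(data) < 8 or data[:8] != OLE_MAGIC:
        return ["not an OLE compound file (signature missing)"]
    if len(data) < 512:
        return ["header truncated (shorter than 512 bytes)"]
    problems = []
    _minor, major, byte_order, sector_shift, mini_shift = struct.unpack_from("<HHHHH", data, 24)
    mini_cutoff = struct.unpack_from("<I", data, 56)[0]
    if major not in (3, 4):
        problems.append(f"unexpected major version {major}")
    if byte_order != 0xFFFE:
        problems.append(f"bad byte-order mark 0x{byte_order:04x}")
    expected_shift = {3: 9, 4: 12}.get(major)
    if expected_shift is not None and sector_shift != expected_shift:
        problems.append(f"sector shift {sector_shift} does not match version {major}")
    if mini_shift != 6:
        problems.append(f"mini sector shift {mini_shift} != 6")
    if mini_cutoff != 0x1000:
        problems.append(f"mini stream cutoff 0x{mini_cutoff:x} != 0x1000")
    return problems


def should_flag(filename, data):
    """Emulate the rule's flow: OLE-style extension AND a malformed OLE header."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in OLE_EXTENSIONS:
        return False
    if data[:8] != OLE_MAGIC:
        return False  # not OLE at all (e.g. an OOXML zip); outside this rule's scope
    return bool(ole_header_problems(data))


def triage(attachments):
    """Return the sorted names of attachments the emulated rule would flag."""
    return sorted(name for name, data in attachments.items() if should_flag(name, data))


# Constructed sample attachments: name -> bytes.
SAMPLE_ATTACHMENTS = {
    "invoice.doc": build_ole_header(),                         # well-formed v3 header
    "report.xls": build_ole_header(major=4, sector_shift=12),  # well-formed v4 header
    "quote.doc": build_ole_header(byte_order=0x0000),          # byte-order mark zeroed
    "order.xls": build_ole_header(sector_shift=0),             # sector-size field clobbered
    "readme.txt": build_ole_header(sector_shift=0),            # wrong extension: skipped
    "deck.pptx": b"PK\x03\x04" + b"\x00" * 600,                # OOXML zip, not OLE: skipped
}

if __name__ == "__main__":
    for name in triage(SAMPLE_ATTACHMENTS):
        print(f"FLAG {name}: {'; '.join(ole_header_problems(SAMPLE_ATTACHMENTS[name]))}")
```

The extension gate matters for precision: a file with a valid OLE signature but inconsistent version, byte-order or sector-size fields is what the header checks catch, while non-OLE containers such as OOXML zips pass through untouched because they are not "malformed OLE" at all.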
Categories
  • Endpoint
  • Web
  • Cloud
Data Sources
  • File
  • Network Traffic
Created: 2024-11-25