
Summary
This detection rule identifies PDF attachments generated by the ReportLab PDF Library, which is known for its use in automated document generation. It specifically targets files whose metadata is still at its defaults, which suggests the document was not customized and may have been created with malicious intent. These attributes are an untitled document, an anonymous creator or author, and an unspecified subject. Such metadata is often indicative of automated tooling that can be employed in phishing attacks and other malicious activity, so file attachments that fit this profile warrant monitoring and alerting.
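One way to express this check in Python, added here as an illustration and not the rule's own logic: it reads the Info dictionary from raw PDF bytes and counts default-looking fields when the producer is ReportLab. The literal default strings, the function names and the three-field threshold are assumptions, and only uncompressed literal-string metadata entries are handled.

```python
import re

# Assumed default values, taken from the rule summary's wording; the exact
# strings can differ between ReportLab versions.
DEFAULTS = {
    "Title": {"untitled"},
    "Author": {"anonymous"},
    "Creator": {"anonymous"},
    "Subject": {"unspecified"},
}
PRODUCER_MARK = "reportlab"

# Literal PDF string after a name key: /Key (value), allowing \( and \) escapes.
FIELD_RE = re.compile(rb"/(Title|Author|Creator|Subject|Producer)\s*\(((?:\\.|[^\\()])*)\)")


def info_fields(pdf_bytes):
    """Return {key: normalized value} for literal-string metadata entries."""
    fields = {}
    for key, raw in FIELD_RE.findall(pdf_bytes):
        text = re.sub(rb"\\(.)", rb"\1", raw, flags=re.S).decode("latin-1")
        # Normalize case, whitespace and wrapping parentheses, e.g. "(anonymous)".
        fields[key.decode()] = text.strip().strip("()").strip().lower()
    return fields


def reportlab_default_hits(pdf_bytes):
    """List the default-looking fields, or [] if the producer is not ReportLab."""
    fields = info_fields(pdf_bytes)
    if PRODUCER_MARK not in fields.get("Producer", ""):
        return []
    return sorted(k for k, vals in DEFAULTS.items() if fields.get(k) in vals)


def is_suspicious(pdf_bytes, min_hits=3):
    # Hypothetical threshold: untitled + anonymous + unspecified together.
    return len(reportlab_default_hits(pdf_bytes)) >= min_hits


# Constructed Info dictionaries (not real samples).
SAMPLE_DEFAULT = (b"1 0 obj\n<< /Author (anonymous) "
                  b"/Producer (ReportLab PDF Library - www.reportlab.com) "
                  b"/Subject (unspecified) /Title (untitled) >>\nendobj\n")
SAMPLE_CUSTOM = (b"1 0 obj\n<< /Author (Billing Team) /Title (March invoice) "
                 b"/Producer (ReportLab PDF Library - www.reportlab.com) "
                 b"/Subject (Invoice 1042) >>\nendobj\n")
```

Legitimate applications also ship ReportLab output with untouched metadata, so a hit is best treated as one signal to combine with sender and content checks.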
Categories
- Cloud
- Endpoint
- Web
- Application
- Identity Management
Data Sources
- File
- Process
- Application Log
- Network Traffic
Created: 2026-02-28