
Summary
This rule detects inbound PDF attachments that attempt to obfuscate JavaScript using JSFck encoding. It targets PDFs in inbound contexts, filtering for attachments with a file type of pdf. The detection logic expands the attachment content (file.explode) and evaluates only the top-level (depth == 0) content for matching YARA rules named pdf_jsfck_strings or pdf_jsfck_ratio. If either YARA rule matches, the alert is raised as high severity, aligned with Malware/Ransomware intent and evasion techniques typical of PDF-based payloads. Detection methods include File analysis and YARA scanning. The rule is designed to catch stealthy JSFck-encoded JavaScript embedded in PDFs, a known technique to bypass standard defenses by hiding malicious code in document structures.
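As an added example that is not the rule's own code, the following Python models the detection flow the summary describes: inbound attachment with file type `pdf`, an `explode` step, evaluation of depth 0 only, and an alert when either `pdf_jsfck_strings` or `pdf_jsfck_ratio` matches. The bodies of the two YARA rules are not on the page, so the two predicates here (a count of recurring JSFck building blocks, and the share of `[]()!+` bytes inside a `/JS` value) and their thresholds are this example's assumptions, `explode` is a stand-in that only unpacks FlateDecode embedded-file streams, and the PDF byte strings are constructed, not real samples.

```python
import re
import zlib
from typing import Optional

# Rule names as given on the page; their actual YARA bodies are not, so the
# two predicates below are assumptions made for this example.
RULE_STRINGS = "pdf_jsfck_strings"
RULE_RATIO = "pdf_jsfck_ratio"

# JSFck-style encodings build code from only these six characters.
JSFCK_ALPHABET = frozenset(b"[]()!+")

# Recurring building blocks of such encodings (e.g. "(![]+[])" evaluates to
# the string "false"). Constructed indicator list, not the real rule's strings.
JSFCK_IDIOMS = (b"(![]+[])", b"(!![]+[])", b"[][[]]", b"[+[]]", b"+!+[]")

MIN_IDIOMS = 2     # distinct idioms required by the strings rule (assumed)
MIN_RATIO = 0.90   # share of alphabet bytes required by the ratio rule (assumed)
MIN_JS_LEN = 32    # /JS values shorter than this are ignored for the ratio (assumed)

# Literal-string /JS values inside a dictionary: /JS ( ... ) >>
JS_VALUE_RE = re.compile(rb"/JS\s*\((.*?)\)\s*>>", re.DOTALL)
# Embedded-file streams; used only to model content that sits below depth 0.
EMBEDDED_RE = re.compile(rb"/EmbeddedFile.*?stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def explode(pdf_bytes: bytes) -> list[dict]:
    """Stand-in for file.explode: the attachment itself is depth 0; each
    embedded-file stream (inflated if it is FlateDecode) comes back at depth 1."""
    items = [{"depth": 0, "content": pdf_bytes}]
    for m in EMBEDDED_RE.finditer(pdf_bytes):
        try:
            data = zlib.decompress(m.group(1))
        except zlib.error:
            data = m.group(1)
        items.append({"depth": 1, "content": data})
    return items


def js_values(content: bytes) -> list[bytes]:
    return [m.group(1) for m in JS_VALUE_RE.finditer(content)]


def alphabet_ratio(js: bytes) -> float:
    """Fraction of bytes drawn from the six-character JSFck alphabet."""
    if not js:
        return 0.0
    return sum(1 for b in js if b in JSFCK_ALPHABET) / len(js)


def yara_matches(content: bytes) -> set[str]:
    """Approximation of the two YARA rules, evaluated on one exploded item."""
    matched = set()
    found = {idiom for idiom in JSFCK_IDIOMS if idiom in content}
    if len(found) >= MIN_IDIOMS:
        matched.add(RULE_STRINGS)
    for js in js_values(content):
        if len(js) >= MIN_JS_LEN and alphabet_ratio(js) >= MIN_RATIO:
            matched.add(RULE_RATIO)
            break
    return matched


def evaluate(pdf_bytes: bytes, file_type: str = "pdf", inbound: bool = True) -> Optional[dict]:
    """Mirror the rule: inbound, file type pdf, explode, depth == 0 only,
    alert at high severity if either YARA rule matched."""
    if not inbound or file_type != "pdf":
        return None
    hits: set[str] = set()
    for item in explode(pdf_bytes):
        if item["depth"] != 0:          # nested content is outside this rule's scope
            continue
        hits |= yara_matches(item["content"])
    if not hits:
        return None
    return {"severity": "high", "yara": sorted(hits)}


# --- constructed samples (minimal PDF-like syntax, not real documents) ---
JSFCK_JS = b"(![]+[])[+[]]+" * 30 + b"[][[]]"
HEADER = b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"

SAMPLE_JSFCK = HEADER + b"2 0 obj << /S /JavaScript /JS (" + JSFCK_JS + b") >> endobj\n%%EOF\n"
SAMPLE_BENIGN = HEADER + b"2 0 obj << /S /JavaScript /JS (app.alert('Hello from a form');) >> endobj\n%%EOF\n"
# Same JavaScript object, but inside a FlateDecode embedded file (depth 1 after explode).
NESTED_PAYLOAD = zlib.compress(b"2 0 obj << /S /JavaScript /JS (" + JSFCK_JS + b") >> endobj\n")
SAMPLE_NESTED = (b"%PDF-1.7\n1 0 obj << /Type /EmbeddedFile /Filter /FlateDecode >>\nstream\n"
                 + NESTED_PAYLOAD + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for name, sample in (("jsfck", SAMPLE_JSFCK), ("benign", SAMPLE_BENIGN), ("nested", SAMPLE_NESTED)):
        print(name, evaluate(sample))
```

Running the block alerts on the first sample with both rule names, stays silent on the benign form script, and stays silent on the third sample even though `yara_matches` fires on its depth 1 item: that is the effect of the `depth == 0` filter the summary describes, so content below depth 0 must be covered by a separate rule if that is wanted.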
Categories
- Endpoint
Data Sources
- File
Created: 2026-04-23