
Attachment: ICS with embedded document

Sublime Rules

Summary
This detection rule identifies ICS (iCalendar) invite files that carry an embedded document, a delivery technique associated with malware and ransomware. It applies to attachments with a '.ics' file extension and scans their contents for signs of an embedded document: the encoding pattern used to inline binary data into the calendar file, and filenames associated with common document types. A filename pattern indicating a document (.doc, .dot, etc.) inside the inlined binary data is a signal that the invite is being used to deliver a malicious payload. Flagging these invites on inbound mail catches the threat before the embedded document is opened on an endpoint, improving the organization's security posture for received attachments.
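To make the logic concrete, here is an added Python example that is not the Sublime rule itself and does not reproduce its query language. It unfolds an iCalendar body, picks out `ATTACH` properties that inline binary data (`ENCODING=BASE64`), and flags those whose filename extension, declared `FMTTYPE`, or decoded leading bytes look like an office document. The `.docx`/`.xls`/`.pdf` extensions, the MIME-type list, the magic-byte table and the `X-FILENAME`/`FILENAME` parameter names are assumptions added for the example (the page only names `.doc` and `.dot`); the sample ICS body is constructed, with a 32-byte blob carrying an OLE2 header standing in for a real `.doc`.

```python
"""Scan an iCalendar (.ics) body for ATTACH properties that embed a document.
Added example; not the Sublime rule. Magic bytes, MIME types and parameter
names beyond .doc/.dot are assumptions chosen for illustration."""
import base64
import binascii
import os
from dataclasses import dataclass

# Page names .doc and .dot; the remaining extensions and MIME types are assumed.
DOCUMENT_EXTENSIONS = {".doc", ".dot", ".docx", ".docm", ".dotm",
                       ".xls", ".xlsm", ".ppt", ".pptm", ".rtf", ".pdf"}
DOCUMENT_MIME_TYPES = {
    "application/msword", "application/rtf", "application/pdf",
    "application/vnd.ms-excel", "application/vnd.ms-powerpoint",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
}
# Leading bytes of common document containers (OLE2/CFB, OOXML zip, RTF, PDF).
DOCUMENT_MAGIC = {
    bytes.fromhex("D0CF11E0A1B11AE1"): "OLE2 compound file",
    b"PK\x03\x04": "ZIP container (OOXML)",
    b"{\\rtf": "RTF",
    b"%PDF": "PDF",
}


@dataclass
class EmbeddedDocument:
    filename: str
    fmttype: str
    size: int
    reasons: list


def unfold(ics_text: str) -> list[str]:
    """Undo RFC 5545 line folding: a line starting with SPACE/HTAB continues
    the previous one, so a long base64 ATTACH value is reassembled first."""
    lines: list[str] = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def split_property(line: str):
    """Split 'NAME;PARAM=val;...:VALUE' into (name, params, value). The separator
    is the first ':' outside double quotes, since quoted parameters may hold URIs."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            head, value = line[:i], line[i + 1:]
            break
    else:
        return None
    name, *raw_params = head.split(";")
    params = {}
    for p in raw_params:
        key, _, val = p.partition("=")
        params[key.upper()] = val.strip('"')
    return name.upper(), params, value


def sniff(payload: bytes) -> str:
    """Label the payload by its leading bytes, or '' if no document magic matches."""
    for magic, label in DOCUMENT_MAGIC.items():
        if payload.startswith(magic):
            return label
    return ""


def find_embedded_documents(ics_text: str) -> list[EmbeddedDocument]:
    """One finding per inline (ENCODING=BASE64) ATTACH whose filename, declared
    MIME type, or decoded payload looks like an office document."""
    findings = []
    for line in unfold(ics_text):
        parsed = split_property(line)
        if parsed is None:
            continue
        name, params, value = parsed
        # URI attachments carry no ENCODING: they reference, not embed, a file.
        if name != "ATTACH" or params.get("ENCODING", "").upper() != "BASE64":
            continue
        # Which parameter carries the name varies by producer (assumption).
        filename = params.get("X-FILENAME") or params.get("FILENAME") or ""
        fmttype = params.get("FMTTYPE", "").lower()
        try:
            payload = base64.b64decode(value, validate=True)
        except binascii.Error:
            payload = b""  # malformed base64: still judge by name and type
        reasons = []
        ext = os.path.splitext(filename.lower())[1]
        if ext in DOCUMENT_EXTENSIONS:
            reasons.append(f"filename extension {ext}")
        if fmttype in DOCUMENT_MIME_TYPES:
            reasons.append(f"FMTTYPE {fmttype}")
        if sniff(payload):
            reasons.append(f"payload magic: {sniff(payload)}")
        if reasons:
            findings.append(EmbeddedDocument(filename, fmttype, len(payload), reasons))
    return findings


# Constructed sample: an OLE2 header plus padding stands in for a real .doc;
# the ATTACH line is folded the way real producers emit long lines.
_OLE_B64 = base64.b64encode(bytes.fromhex("D0CF11E0A1B11AE1") + b"\x00" * 24).decode()
_PNG_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8).decode()
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//constructed sample//EN\r\n"
    "BEGIN:VEVENT\r\nUID:sample-1@example.invalid\r\nDTSTART:20230630T120000Z\r\n"
    "SUMMARY:Quarterly review\r\n"
    "ATTACH:https://example.invalid/agenda.pdf\r\n"
    "ATTACH;FMTTYPE=image/png;ENCODING=BASE64;VALUE=BINARY;X-FILENAME=logo.png:"
    + _PNG_B64 + "\r\n"
    "ATTACH;FMTTYPE=application/msword;ENCODING=BASE64;VALUE=BINARY;\r\n"
    " X-FILENAME=invoice.doc:" + _OLE_B64[:20] + "\r\n " + _OLE_B64[20:] + "\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    for f in find_embedded_documents(SAMPLE_ICS):
        print(f"{f.filename or '<unnamed>'} ({f.fmttype}, {f.size} bytes): "
              + "; ".join(f.reasons))
```

Running the block reports only `invoice.doc`: the `agenda.pdf` entry is a URI reference rather than inlined data, and the PNG is inlined but matches neither a document extension, MIME type nor magic. Checking the decoded bytes alongside the filename matters in practice because the filename parameter is attacker-controlled and can be omitted or renamed.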
Categories
  • Endpoint
  • Cloud
  • On-Premise
Data Sources
  • File
  • Network Traffic
  • Application Log
Created: 2023-06-30