Attachment: ICS file with non-Gregorian calendar scale

Sublime Rules

Summary
This detection rule identifies ICS (iCalendar) attachments that use a non-standard calendar scale, specifically any scale other than GREGORIAN. Such files matter because malicious iCalendar files may exploit vulnerabilities in calendar parsers or evade security measures. The rule inspects incoming attachments and filters for those with an ICS file extension or a content type matching standard calendar formats. It then checks the parsed calendar scale and flags the attachment for further review when that scale does not include GREGORIAN. The rule is aimed at credential phishing attempts that use recursively crafted calendar items as part of broader evasion strategies. It relies on file and content analysis.
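The check described above, sketched in Python as an added example (not the rule's own source). The content-type list, the function names, the sample files and the choice not to flag a missing CALSCALE (RFC 5545 defaults it to GREGORIAN) are assumptions.

```python
import re

ICS_EXTENSIONS = {"ics"}
# Assumed content-type list; the page only says "standard calendar formats".
ICS_CONTENT_TYPES = {"text/calendar", "application/ics"}

def unfold(text):
    """Undo RFC 5545 line folding (line break followed by space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def declared_calscales(ics_text):
    """Return every CALSCALE value in the file, upper-cased."""
    scales = []
    for line in unfold(ics_text):
        name, sep, value = line.partition(":")
        # Drop any ";param=..." suffix before comparing the property name.
        if sep and name.split(";", 1)[0].strip().upper() == "CALSCALE":
            scales.append(value.strip().upper())
    return scales

def is_calendar_attachment(filename, content_type):
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ctype = content_type.split(";", 1)[0].strip().lower()
    return ext in ICS_EXTENSIONS or ctype in ICS_CONTENT_TYPES

def flag_attachment(filename, content_type, body):
    """True when an ICS attachment declares a scale and none is GREGORIAN."""
    if not is_calendar_attachment(filename, content_type):
        return False
    scales = declared_calscales(body)
    # Assumption: a missing CALSCALE is not flagged (RFC 5545 default is GREGORIAN).
    return bool(scales) and "GREGORIAN" not in scales

# Constructed sample inputs (not taken from real messages).
def _ics(*props):
    return "\r\n".join(("BEGIN:VCALENDAR", "VERSION:2.0", *props, "END:VCALENDAR", ""))

SAMPLES = {
    "plain": _ics("CALSCALE:GREGORIAN"),
    "folded": _ics("CALSCALE:GREG\r\n ORIAN"),   # folded value must still match
    "absent": _ics(),
    "other": _ics("CALSCALE:X-EXAMPLE-SCALE"),   # placeholder non-Gregorian value
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, flag_attachment("invite.ics", "text/calendar", body))
```

Unfolding before matching matters: a GREGORIAN value split across a folded line would otherwise be misread as a non-Gregorian scale and raise a false positive.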
Categories
  • Endpoint
  • Network
Data Sources
  • File
  • Application Log
Created: 2025-11-05