
Summary
This detection rule identifies attempts to execute malicious code through SVG (Scalable Vector Graphics) files. It targets SVG files containing ActiveX scripting that calls Windows Script Host components: within such a file, the embedded script can use 'WScript.Shell' to launch programs, as in the well-known snippet that runs 'calc.exe'. The rule examines attachments in inbound traffic, selecting files with an SVG extension or a common archive extension, and inspects their contents for strings associated with these execution commands, in particular 'ActiveXObject', 'WScript.Shell', and variants of 'Run' or 'Execute'. Requiring all of these indicators together gives a clear path for identifying threats embedded in SVG files and underlines the danger of rendering scripts from untrusted sources. The rule combines archive analysis, content analysis, and file analysis to flag the activity.
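The following is an added illustration of the detection logic described above, not the rule's own code: it applies the file-extension filter, unpacks ZIP archives (one of the archive types the rule covers; the others are omitted here), and requires all three indicator groups to co-occur before flagging a file. The sample attachments are constructed for the example.

```python
import io
import re
import zipfile

# The rule covers SVGs plus common archive types; this example unpacks ZIP only.
CANDIDATE_EXTENSIONS = (".svg", ".zip")

# Indicators named in the rule, matched case-insensitively: the ActiveX
# constructor, the WScript.Shell ProgID, and a Run/Exec/Execute method call.
ACTIVEX_RE = re.compile(r"ActiveXObject", re.IGNORECASE)
WSHELL_RE = re.compile(r"WScript\.Shell", re.IGNORECASE)
EXEC_RE = re.compile(r"\.(Run|Exec(ute)?)\s*\(", re.IGNORECASE)

def is_candidate_attachment(filename: str) -> bool:
    """File-analysis step: only SVGs and archives are inspected further."""
    return filename.lower().endswith(CANDIDATE_EXTENSIONS)

def svg_has_wsh_execution(data: bytes) -> bool:
    """Content-analysis step: all three indicator groups must be present."""
    text = data.decode("utf-8", errors="ignore")
    return all(p.search(text) for p in (ACTIVEX_RE, WSHELL_RE, EXEC_RE))

def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Return matching file names ('archive.zip!member.svg' for archive hits)."""
    if not is_candidate_attachment(filename):
        return []
    if filename.lower().endswith(".zip"):
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return []  # archive-analysis step: malformed ZIP, nothing to unpack
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [f"{filename}!{m}" for m in zf.namelist()
                    if m.lower().endswith(".svg") and svg_has_wsh_execution(zf.read(m))]
    return [filename] if svg_has_wsh_execution(data) else []

# Constructed sample attachments (not captured from real traffic).
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"><script>
  var sh = new ActiveXObject("WScript.Shell"); sh.Run("calc.exe");
</script></svg>"""
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"><script>
  document.getElementById("a").textContent = "WScript.Shell is just a label";
</script></svg>"""

def build_zip(member: str, payload: bytes) -> bytes:
    """Wrap one file in an in-memory ZIP to exercise the archive path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()
```

The benign sample shows why all three indicators are required: a lone 'WScript.Shell' string in ordinary text does not trigger a hit.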
Categories
- Endpoint
- Web
- Application
Data Sources
- File
- Process
- Script
Created: 2023-06-21