
Attachment: MS Office or RTF file with Shell.Explorer.1 com object with embedded LNK

Sublime Rules

Summary
This detection rule identifies malicious attachments that contain an embedded Shell.Explorer.1 COM object carrying an LNK file, a combination indicative of a harmful payload. The rule inspects incoming attachments, specifically RTF files and the other file types defined by the macros in the $file_extensions_macros variable. Detection relies on YARA patterns that match the byte sequences signifying these embedded objects, with the goal of stopping malware and ransomware that use this file-based delivery method as an evasion tactic. Rated medium severity, the rule contributes to attack surface reduction by blocking exploitation delivered through attachments.
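As an added illustration (not the Sublime rule itself, which applies MQL and YARA to the attachment), the following Python sketch shows the detection idea in code: decode each RTF \objdata hex blob and flag any blob that names the Shell.Explorer.1 ProgID and carries a Shell Link (LNK) file header. The sample RTF is constructed and deliberately simplified, not a real attachment or a valid OLE stream.

```python
import re

# LNK header per MS-SHLLINK: HeaderSize 0x4C followed by the Shell Link CLSID
# {00021401-0000-0000-C000-000000000046} in little-endian GUID layout.
LNK_HEADER = bytes.fromhex("4C000000" "0114020000000000C000000000000046")

# Constructed, simplified stand-in for an embedded OLE object: a few header-like
# bytes, the Shell.Explorer.1 ProgID, then an LNK header. Not a working object.
SAMPLE_BLOB = (b"\x01\x05\x00\x00\x02\x00\x00\x00" + b"Shell.Explorer.1\x00"
               + b"\x00" * 8 + LNK_HEADER + b"\x00" * 16)
SAMPLE_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objdata "
              + SAMPLE_BLOB.hex().encode("ascii") + b"}}}")
BENIGN_RTF = b"{\\rtf1 Quarterly report attached.}"

# Hex stream that follows an \objdata control word; whitespace is allowed inside it.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")


def extract_objdata_blobs(rtf: bytes) -> list[bytes]:
    """Return the decoded binary payload of every \\objdata group in the RTF."""
    blobs = []
    for match in OBJDATA_RE.finditer(rtf):
        hexdata = re.sub(rb"\s+", b"", match.group(1))
        if len(hexdata) % 2:  # odd trailing nibble: drop it instead of failing
            hexdata = hexdata[:-1]
        blobs.append(bytes.fromhex(hexdata.decode("ascii")))
    return blobs


def blob_has_shell_explorer_lnk(blob: bytes) -> bool:
    """True when the payload names Shell.Explorer.1 and contains an LNK header."""
    return b"Shell.Explorer.1" in blob and LNK_HEADER in blob


def rtf_is_suspicious(rtf: bytes) -> bool:
    """Flag an RTF whose embedded objects match the Shell.Explorer.1 + LNK pattern."""
    return any(blob_has_shell_explorer_lnk(b) for b in extract_objdata_blobs(rtf))


if __name__ == "__main__":
    print("sample:", rtf_is_suspicious(SAMPLE_RTF))   # True
    print("benign:", rtf_is_suspicious(BENIGN_RTF))   # False
```

Real attachments may split, pad or obfuscate the hex stream and embed the object in other containers, which is why the production rule matches YARA patterns over the attachment rather than relying on a single regex.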
Categories
  • Endpoint
  • Windows
  • macOS
Data Sources
  • File
  • Application Log
Created: 2026-01-29