Attachment: Calendar file with invisible Unicode characters

Sublime Rules

Summary
This detection rule identifies potentially malicious calendar (.ics) attachments that contain invisible Unicode characters. Such characters can be used to conceal harmful content or to evade security controls. The rule fires on inbound messages that either contain calendar-specific keywords in the subject or body, or carry .ics attachments. It checks two primary conditions: the presence of .ics files whose content structure meets certain criteria, and the presence of calendar-related keywords such as 'calendar', 'meeting', 'event', or 'appointment'. Notably, it uses regular expressions to pinpoint sequences of invisible Unicode characters that render as nothing visible yet can harbor hidden malicious payloads. This helps robustly flag emails that may be part of broader attacks such as Business Email Compromise (BEC), fraud, credential phishing, or ransomware/malware delivery. Because the rule carries high severity, prompt action and further analysis are recommended whenever it matches, to help prevent a possible breach.
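The following Python is an added illustration of the detection logic the summary describes; it is not the Sublime rule itself, and the actual rule's regular expression and structural checks are not shown on this page. The set of invisible code points, the keyword list, the `.ics` structure check (start with `BEGIN:VCALENDAR`, contain `END:VCALENDAR`), and the sample attachments are all assumptions constructed for the example. It also handles one common false-positive source: a leading UTF-8 byte-order mark (U+FEFF) is benign and is stripped before scanning, while a U+FEFF anywhere else is still flagged.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# Zero-width and otherwise invisible code points commonly abused to hide or
# break up text. This list is an assumption for the example, not the rule's own.
INVISIBLE_CHARS = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\u2061": "FUNCTION APPLICATION",
    "\u2062": "INVISIBLE TIMES",
    "\u2063": "INVISIBLE SEPARATOR",
    "\u2064": "INVISIBLE PLUS",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
    "\u00ad": "SOFT HYPHEN",
    "\u034f": "COMBINING GRAPHEME JOINER",
}
# One character class matching a run of one or more invisible code points.
INVISIBLE_RE = re.compile("[" + "".join(re.escape(c) for c in INVISIBLE_CHARS) + "]+")

# Calendar keywords from the summary, matched case-insensitively on subject/body.
CALENDAR_KEYWORDS = re.compile(r"\b(calendar|meeting|event|appointment)\b", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int      # 1-based line in the decoded attachment
    offset: int       # 0-based character offset within that line
    length: int       # number of invisible code points in the run
    names: tuple[str, ...]


def looks_like_icalendar(text: str) -> bool:
    """Minimal structural check (assumed for the example): an iCalendar object
    opens with BEGIN:VCALENDAR and contains a matching END:VCALENDAR."""
    upper = text.strip().upper()
    return upper.startswith("BEGIN:VCALENDAR") and "END:VCALENDAR" in upper


def find_invisible_runs(text: str) -> list[Finding]:
    """Locate every run of invisible code points, line by line."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in INVISIBLE_RE.finditer(line):
            names = tuple(INVISIBLE_CHARS[ch] for ch in m.group())
            findings.append(Finding(line_no, m.start(), len(m.group()), names))
    return findings


def strip_invisible(text: str) -> str:
    """Return the text as it would look to a reader, for analyst review."""
    return INVISIBLE_RE.sub("", text)


def evaluate_attachment(filename: str, data: bytes, subject: str = "", body: str = "") -> dict:
    """Apply the example rule to one attachment plus its message context."""
    # 'utf-8-sig' drops only a leading BOM, so a benign BOM is not reported,
    # but U+FEFF embedded later in the file still matches INVISIBLE_RE.
    text = data.decode("utf-8-sig", errors="replace")
    is_ics = filename.lower().endswith(".ics") and looks_like_icalendar(text)
    calendar_context = bool(CALENDAR_KEYWORDS.search(subject) or CALENDAR_KEYWORDS.search(body))
    findings = find_invisible_runs(text) if is_ics else []
    return {
        "filename": filename,
        "is_icalendar": is_ics,
        "calendar_context": calendar_context,
        "invisible_runs": len(findings),
        "match": bool(is_ics and findings),
        "findings": findings,
    }


# Constructed sample attachments (not real-world samples).
BENIGN_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Quarterly planning meeting\r\nDESCRIPTION:Agenda attached.\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
).encode("utf-8")

SUSPICIOUS_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Inv\u200boice\u200b review\r\n"          # two single zero-width spaces
    "DESCRIPTION:Please\u200d\u200d\u200d confirm\r\n"  # one run of three joiners
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
).encode("utf-8")

if __name__ == "__main__":
    for name, blob in (("benign.ics", BENIGN_ICS), ("invite.ics", SUSPICIOUS_ICS)):
        result = evaluate_attachment(name, blob, subject="Meeting invite")
        print(name, "match:", result["match"], "runs:", result["invisible_runs"])
        for f in result["findings"]:
            print(f"  line {f.line_no} col {f.offset} x{f.length}: {', '.join(f.names)}")
```

Reporting each run's line and offset, and keeping `strip_invisible` alongside it, lets an analyst compare what the recipient would have seen with what the file actually contains when triaging a hit.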
Categories
  • Cloud
  • Endpoint
  • Web
  • Application
Data Sources
  • File
  • Command
  • Network Traffic
Created: 2025-12-16