diff --git a/detection-rules/attachment_qr_code_suspicious_components.yml b/detection-rules/attachment_qr_code_suspicious_components.yml
index c081611dfd6..4a940e2ef3a 100644
--- a/detection-rules/attachment_qr_code_suspicious_components.yml
+++ b/detection-rules/attachment_qr_code_suspicious_components.yml
@@ -9,7 +9,7 @@ source: |
 // Inspects image attachments for QR codes
 and any(attachments,
- .file_type in $file_types_images
+ (.file_type in $file_types_images or .file_type == "pdf")
 and (
 any(file.explode(.),
 .scan.qr.type == "url"
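Review bot: The comment directly above the changed condition still reads `// Inspects image attachments for QR codes`, but the new line also admits PDFs, so it should become `// Inspects image and PDF attachments for QR codes`. PDFs such as invoices, tickets and shipping labels commonly carry URL QR codes for legitimate reasons, so the conditions that follow `.scan.qr.type == "url"` (outside this hunk) now carry more of the false-positive burden; the rule is worth backtesting against benign PDF mail before it ships. If the rule's name or description elsewhere in the file refers only to images, it should be updated to match. The `any(attachments, …)` expression continues past the end of the hunk, so the rest of the logic could not be checked here.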