
Summary
This detection rule identifies HTML attachments that contain base64-encoded executables, a technique attackers commonly use to smuggle malware past email defences. The rule flags emails carrying attachments with HTML file extensions ('html', 'htm', 'shtml', 'dhtml') as well as certain common archive formats. Matching files are analysed with YARA for base64 patterns characteristic of an embedded executable. The rule is especially pertinent given the rise of sophisticated email-based attacks, exemplified by those attributed to the Nobelium threat actor group. Its severity is marked as high because an undetected malicious executable could compromise systems or lead to ransomware.
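As an added illustration of the detection logic the summary describes (example code written for this page, not the rule's own YARA or the product's code), the Python below scans an HTML attachment, or each HTML member of a ZIP attachment, for a long base64 run that decodes to a PE image with a valid 'MZ' header and 'PE' signature. The ZIP-only archive list, the in-memory fake PE header and the sample HTML are constructed assumptions.

```python
import base64, io, re, struct, zipfile

HTML_EXTS = {"html", "htm", "shtml", "dhtml"}
ARCHIVE_EXTS = {"zip"}  # assumption: the page does not name the archive formats the rule covers
B64_RUN = re.compile(r"[A-Za-z0-9+/=\s]{64,}")  # a long base64-looking run, whitespace allowed


def pe_at(blob: bytes, off: int) -> bool:
    """True if blob[off:] starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if blob[off:off + 2] != b"MZ" or len(blob) < off + 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", blob, off + 0x3C)[0]
    return blob[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00"


def html_has_b64_pe(text: str) -> bool:
    """Decode each long base64 run at all four alignments and look for a PE image inside."""
    for run in B64_RUN.findall(text):
        chars = re.sub(r"\s", "", run)
        for shift in range(4):  # tolerate text glued to the front of the blob
            chunk = chars[shift: shift + (len(chars) - shift) // 4 * 4]
            try:
                decoded = base64.b64decode(chunk)
            except ValueError:  # malformed padding: not a real base64 blob
                continue
            if any(pe_at(decoded, m.start()) for m in re.finditer(b"MZ", decoded)):
                return True
    return False


def attachment_has_b64_pe(name: str, data: bytes) -> bool:
    """Check an HTML attachment directly, or every HTML member of a ZIP attachment."""
    ext = name.rsplit(".", 1)[-1].lower()
    if ext in HTML_EXTS:
        return html_has_b64_pe(data.decode("utf-8", errors="ignore"))
    if ext in ARCHIVE_EXTS:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(attachment_has_b64_pe(m, zf.read(m)) for m in zf.namelist())
    return False


def build_zip(member: str, content: str) -> bytes:
    """Build an in-memory ZIP holding one text member (for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    return buf.getvalue()


# Constructed samples: a minimal stand-in for a PE header (not a real executable) and a benign image.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 0x38 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 60
FAKE_PE_B64 = base64.b64encode(FAKE_PE).decode()
SMUGGLED_HTML = '<html><script>var blob = "%s";</script></html>' % FAKE_PE_B64
BENIGN_HTML = '<img src="data:image/png;base64,%s">' % base64.b64encode(b"\x89PNG" + b"\x00" * 80).decode()
```

Decoding at all four alignments and validating the e_lfanew pointer keeps the check robust to blobs glued to surrounding text while avoiding false positives on 'TVq' appearing by chance in unrelated base64 data.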
Categories
- Endpoint
- Web
- Cloud
Data Sources
- File
- Process
- Network Traffic
- Web Credential
Created: 2022-11-19