
Attachment: HTML smuggling with embedded base64-encoded ISO

Sublime Rules

Summary
This detection rule identifies potential HTML smuggling attacks in which an attachment carries a base64-encoded ISO file. Embedding the payload as a base64 string inside an HTML file lets an attacker deliver it without triggering common security defenses. The rule analyzes inbound emails and their attachments, looking for HTML files or other common archive types, and inspects their content for base64-encoded patterns indicative of ISO files, a common malware delivery vector, especially in phishing attacks. By combining content and file analysis, the rule flags suspicious attachments that match known tactics, techniques, and procedures (TTPs) used by multiple threat actors. Severity is rated high because of the potential harm, including credential theft and ransomware deployment.
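The check the summary describes, as an added illustration that is not the Sublime rule's own logic: extract long contiguous base64 runs from an HTML attachment (or from HTML members of a zip archive), decode them, and test the decoded bytes for the ISO 9660 primary volume descriptor magic "CD001" at offset 0x8001. The file extensions, the 1024-character minimum run length, zip as the only archive type handled, and the sample ISO and HTML are assumptions and constructed data, not values taken from the rule.

```python
import base64
import binascii
import io
import re
import zipfile

# ISO 9660 volumes carry a primary volume descriptor at sector 16 (offset 0x8000):
# byte 0 is the descriptor type, bytes 1..5 are the magic "CD001".
ISO9660_MAGIC = b"CD001"
ISO9660_MAGIC_OFFSET = 0x8001

# A contiguous run of base64 alphabet characters long enough to be a payload.
# Assumed threshold (1 KiB of encoded text); a production rule would tune this.
MIN_RUN_CHARS = 1024
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_RUN_CHARS)

HTML_EXTENSIONS = (".html", ".htm", ".shtml")   # assumed set of HTML attachment types
ARCHIVE_EXTENSIONS = (".zip",)                  # assumed: only zip archives are opened


def decode_base64_loose(run: str):
    """Decode a base64 run, repairing missing padding; return None if invalid."""
    padded = run + "=" * (-len(run) % 4)
    try:
        return base64.b64decode(padded)
    except (binascii.Error, ValueError):
        return None


def looks_like_iso9660(data: bytes) -> bool:
    """True if the decoded bytes carry the ISO 9660 primary volume descriptor magic."""
    end = ISO9660_MAGIC_OFFSET + len(ISO9660_MAGIC)
    return len(data) >= end and data[ISO9660_MAGIC_OFFSET:end] == ISO9660_MAGIC


def scan_html(html: str) -> list:
    """Return one finding per base64 run in the HTML that decodes to an ISO image."""
    findings = []
    for m in BASE64_RUN.finditer(html):
        run = m.group(0)
        data = decode_base64_loose(run)
        if data is not None and looks_like_iso9660(data):
            findings.append({
                "offset": m.start(),
                "encoded_chars": len(run),
                "decoded_bytes": len(data),
            })
    return findings


def scan_attachment(filename: str, content: bytes) -> list:
    """Dispatch on attachment type: inspect HTML directly, or each HTML member of a zip."""
    name = filename.lower()
    if name.endswith(HTML_EXTENSIONS):
        text = content.decode("utf-8", errors="replace")
        return [dict(f, file=filename) for f in scan_html(text)]
    if name.endswith(ARCHIVE_EXTENSIONS):
        findings = []
        try:
            with zipfile.ZipFile(io.BytesIO(content)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(HTML_EXTENSIONS):
                        inner = zf.read(member).decode("utf-8", errors="replace")
                        findings += [dict(f, file=f"{filename}!{member}") for f in scan_html(inner)]
        except zipfile.BadZipFile:
            pass  # not a real zip archive; nothing to inspect
        return findings
    return []


# --- Constructed sample data (not from any real campaign) -------------------------
def build_fake_iso() -> bytes:
    """A minimal blob with a valid primary volume descriptor header at sector 16."""
    pvd = b"\x01" + ISO9660_MAGIC + b"\x01"      # type=1 (primary), magic, version=1
    return b"\x00" * 0x8000 + pvd.ljust(2048, b"\x00")


def build_sample_html(payload: bytes) -> str:
    """An HTML page that carries the payload as a base64 string in a script block."""
    encoded = base64.b64encode(payload).decode("ascii")
    return (
        "<html><body>\n"
        "<img src='data:image/gif;base64,R0lGODlhAQABAAAAACw='>\n"  # short benign data URI
        "<script>\n"
        f"var blob = '{encoded}';\n"
        "</script></body></html>\n"
    )


def build_sample_zip(member_name: str, html: str) -> bytes:
    """Zip the HTML page into an in-memory archive, as a bundled attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, html)
    return buf.getvalue()


if __name__ == "__main__":
    html = build_sample_html(build_fake_iso())
    for finding in scan_attachment("invoice.html", html.encode()):
        print(finding)
```

The short data URI in the sample page is ignored because it is far below the run-length threshold, which keeps inline images and small scripts from being decoded on every message. The decode-and-check step matters more than the regex: a base64 run alone is common in legitimate HTML, while a run that decodes to a valid ISO 9660 descriptor is a much stronger signal. Real smuggling pages may split, reverse, or otherwise transform the string before decoding in the browser, so a contiguous-run scan like this one is a baseline that a production rule would extend.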
Categories
  • Web
  • Endpoint
  • Cloud
  • Infrastructure
Data Sources
  • File
  • Process
  • Network Traffic
  • Application Log
Created: 2023-02-09