Attachment: Filename Containing Unicode Right-to-Left Override Character

Sublime Rules

Summary
This detection rule identifies email attachments whose file names contain Unicode bidirectional override characters, most notably the Right-to-Left Override (RTLO, U+202E). Attackers use this technique to disguise executables as harmless documents or images: a stored name such as invoice_<U+202E>fdp.exe is rendered as invoice_exe.pdf, so the user sees a PDF while the operating system sees, and runs, an .exe. The rule recursively inspects attachments, including files exploded out of archives, for the override characters and evaluates the resulting file names against common archive file extensions. Detection is performed by regex matching for U+202E (Right-to-Left Override) and U+202D (Left-to-Right Override) in the file name, followed by a check of whether the file name corresponds to a known archive format. Deploying it helps catch malware and ransomware delivery that relies on this filename-spoofing evasion in email.
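The following is an added illustration, not the Sublime rule itself (which is written in MQL and available in the Sublime Rules repository). It reproduces the described logic in Python: recursively walk an attachment tree, flag file names containing U+202E or U+202D, approximate how a bidi-aware UI would display the name, and compare the displayed extension with the extension the operating system actually uses. The attachment tree, the `children` key standing in for exploded archive contents, and the extension lists are all constructed assumptions for this example.

```python
"""Added example: RTLO/LRO filename inspection over a constructed attachment tree.
Not the Sublime rule's own code; the extension lists and sample data are assumptions."""
import re
import unicodedata
from typing import Dict, List, Optional

RLO = "\u202E"  # RIGHT-TO-LEFT OVERRIDE
LRO = "\u202D"  # LEFT-TO-RIGHT OVERRIDE
PDF = "\u202C"  # POP DIRECTIONAL FORMATTING (terminates an override)
OVERRIDE_RE = re.compile("[\u202D\u202E]")

# Assumed lists for this example; the real rule's lists may differ.
ARCHIVE_EXTENSIONS = {"zip", "rar", "7z", "tar", "gz", "iso", "img"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi", "lnk"}


def displayed_name(name: str) -> str:
    """Approximate how a bidi-aware UI renders NAME: characters after an RLO are
    shown reversed until a PDF or the end of the string. LRO is invisible and
    leaves Latin text unchanged. This is a simplification, not the full
    Unicode bidirectional algorithm."""
    out: List[str] = []
    buf: List[str] = []
    reversed_mode = False
    for ch in name:
        if ch == RLO:
            out.append("".join(buf))
            buf, reversed_mode = [], True
        elif ch == PDF:
            out.append("".join(reversed(buf)) if reversed_mode else "".join(buf))
            buf, reversed_mode = [], False
        elif ch == LRO:
            continue
        else:
            buf.append(ch)
    out.append("".join(reversed(buf)) if reversed_mode else "".join(buf))
    return "".join(out)


def extension(name: str) -> str:
    """Extension as the OS sees it: text after the last dot, lower-cased."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def inspect_name(name: str) -> Optional[Dict]:
    """Return a finding if NAME contains an override character, else None."""
    hits = OVERRIDE_RE.findall(name)
    if not hits:
        return None
    shown = displayed_name(name)
    real_ext = extension(name)
    return {
        "stored_name": name,
        "displayed_name": shown,
        "overrides": sorted({unicodedata.name(c) for c in hits}),
        "real_extension": real_ext,
        "displayed_extension": extension(shown),
        "is_archive": real_ext in ARCHIVE_EXTENSIONS,
        "is_executable": real_ext in EXECUTABLE_EXTENSIONS,
    }


def inspect_attachments(attachments: List[Dict]) -> List[Dict]:
    """Recursively inspect attachments. Each dict has 'file_name' and an optional
    'children' list (files exploded out of an archive), mirroring a recursive
    file.explode() walk."""
    findings: List[Dict] = []
    for att in attachments:
        finding = inspect_name(att["file_name"])
        if finding:
            findings.append(finding)
        findings.extend(inspect_attachments(att.get("children", [])))
    return findings


# Constructed sample attachments; not taken from any real message.
SAMPLE_ATTACHMENTS = [
    {"file_name": "Q3_report.pdf"},
    {"file_name": "invoice_" + RLO + "fdp.exe"},      # displays as invoice_exe.pdf
    {"file_name": "photos.zip", "children": [
        {"file_name": "IMG_2024" + RLO + "gnp.scr"},  # displays as IMG_2024rcs.png
        {"file_name": "readme.txt"},
    ]},
    {"file_name": "backup" + RLO + "piz.exe"},        # displays as backupexe.zip
]

if __name__ == "__main__":
    for f in inspect_attachments(SAMPLE_ATTACHMENTS):
        print(f"{f['displayed_name']!r} is really .{f['real_extension']} "
              f"(overrides: {', '.join(f['overrides'])}, "
              f"executable={f['is_executable']}, archive={f['is_archive']})")
```

Note that the match on U+202E/U+202D alone is what the rule keys on; the displayed-name reconstruction is included here only to make the spoof visible to an analyst, since the stored name and the rendered name diverge exactly where the override sits.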
Categories
  • Endpoint
  • Web
  • Cloud
  • Identity Management
Data Sources
  • File
  • Application Log
  • Network Traffic
Created: 2022-02-10