
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts
Sublime Rules
Summary
This detection rule identifies suspicious HTML email attachments that contain an excessive number of 'const' declarations together with long timeout functions, a combination that may indicate code injection or script obfuscation. Specifically, it flags HTML files with seven or more 'const' declarations and checks for the presence of lengthy 'setTimeout' calls, then filters out legitimate Gmail messages by excluding files that match a specific regex pattern. The rule also takes sender trust into account: a message from a high-trust sender domain is exempted only if it passes DMARC, so messages from such domains that fail DMARC verification remain flagged. Together these conditions help surface potential malware or phishing delivered through HTML attachments that rely on these constructs and anomalous scripting techniques.
Categories
- Web
- Endpoint
- Cloud
- Application
Data Sources
- File
- Network Traffic
- Application Log
Created: 2025-02-03