Attachment: JavaScript file with suspicious base64-encoded executable

Sublime Rules

Summary
This detection rule flags malicious attachments: JavaScript files, or compressed archives containing JavaScript files, that carry base64-encoded executables. The rule uses a multi-condition approach. It first checks inbound messages for attachments that are either common compressed file formats or JavaScript (.js) and Java ARchive (.jar) files. It then inspects the contents of those files through file explosion, which lets it examine files nested inside compressed archives. The detection fires when an exploded file is recognised as a JavaScript or archive file and matches YARA signatures associated with base64-encoded Portable Executable (PE) payloads. The rule aims to block malware and ransomware delivery by intercepting such scripts before they can execute.
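As an added illustration, not part of the rule or Sublime's own code, the Python below mirrors the logic the summary describes: it explodes zip/jar archives recursively and, in place of the YARA signature, decodes long base64 runs inside JavaScript files looking for the `MZ` header of a PE. The sample attachments, the 64-character run threshold and the three-level depth limit are constructed assumptions.

```python
import base64
import io
import re
import zipfile

# Assumed thresholds (not the rule's own): a base64 run of 64+ chars is long enough
# to be worth decoding; archives are exploded at most three levels deep.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
ARCHIVE_EXTS = (".zip", ".jar")
MAX_DEPTH = 3

def has_base64_pe(data: bytes) -> bool:
    """Stand-in for the YARA check: decode each long base64 run and look for a DOS 'MZ' header."""
    for match in B64_RUN.finditer(data):
        try:
            decoded = base64.b64decode(match.group(0), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass: bad length or padding
            continue
        if decoded.startswith(b"MZ"):
            return True
    return False

def explode(name: str, data: bytes, depth: int = 0):
    """Yield (name, bytes) for a file and, recursively, for every member of a zip/jar archive."""
    yield name, data
    if depth < MAX_DEPTH and name.lower().endswith(ARCHIVE_EXTS) and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if not info.is_dir():
                    yield from explode(info.filename, archive.read(info), depth + 1)

def attachment_matches(name: str, data: bytes) -> bool:
    """True when the attachment, or any JavaScript file exploded out of it, carries a base64-encoded PE."""
    return any(n.lower().endswith(".js") and has_base64_pe(d) for n, d in explode(name, data))

def sample_js() -> bytes:
    """Constructed attachment: a script holding a base64 blob whose decoded form starts with 'MZ'."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 100  # constructed stand-in, not a real executable
    return b'var payload = "' + base64.b64encode(fake_pe) + b'";\n'

def sample_zip(member_name: str, member_data: bytes) -> bytes:
    """Constructed archive attachment wrapping one member, to exercise the explode path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member_name, member_data)
    return buf.getvalue()
```

The depth limit is the caveat a production explosion step needs, since nested archives can otherwise be used to exhaust the scanner.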
Categories
  • Web
  • Endpoint
  • Cloud
  • On-Premise
Data Sources
  • File
  • Network Traffic
  • Application Log
Created: 2024-04-01