
Summary
This detection rule targets unsolicited MHT (MIME HTML) files containing embedded VBScript, a common method used in various attacks to execute malicious code on a user's system. MHT files encapsulate HTML content together with its embedded resources in a single MIME container, so they can carry script content, VBScript included, just as a web page can. The rule alerts when an inbound email carries an attachment with the .mht extension, either directly or inside a common archive format. To confirm the threat, the rule inspects the content of the MHT file for embedded scripts classified as VBScript. It also checks the sender profile for signs of a malicious or spam history and verifies that the attachment was unsolicited, which keeps false positives down. The severity of this rule is rated as medium, reflecting its potential to deliver malware; it is classified under the 'Malware/Ransomware' attack type, with 'Evasion' and 'Scripting' as its tactics and techniques.
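The attachment check described above, as an added Python example that is not the rule's own implementation: it parses an MHT attachment as MIME, looks for a VBScript tag in any HTML part, and also looks inside zip archives for .mht members. The sample MHT, the `.mhtml` extension and the regex are assumptions constructed for this example; the sender-profile and unsolicited checks are not modelled here.

```python
import email
import io
import re
import zipfile
from email import policy

MHT_EXT = (".mht", ".mhtml")  # .mhtml added here as an assumption
# Matches <script language="vbscript"> or <script type="text/vbscript">, any case
VBSCRIPT_RE = re.compile(
    r'<script[^>]*(language\s*=\s*["\']?vbs|type\s*=\s*["\']?text/vbscript)', re.I)

def mht_contains_vbscript(data: bytes) -> bool:
    """Parse an MHT blob as MIME and look for a VBScript tag in any HTML part."""
    msg = email.message_from_bytes(data, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if VBSCRIPT_RE.search(body):
                return True
    return False

def attachment_is_suspicious(name: str, data: bytes) -> bool:
    """A bare .mht attachment, or a zip holding one, whose HTML carries VBScript."""
    lower = name.lower()
    if lower.endswith(MHT_EXT):
        return mht_contains_vbscript(data)
    if lower.endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.filename.lower().endswith(MHT_EXT)
                       and mht_contains_vbscript(zf.read(i)) for i in zf.infolist())
    return False

def zip_bytes(name: str, data: bytes) -> bytes:
    """Build an in-memory zip with one member (used to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a minimal MHT whose HTML part carries a VBScript tag
SAMPLE_MHT = b"""MIME-Version: 1.0
Content-Type: multipart/related; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><body><script language=3D"VBScript">MsgBox "constructed"</script></body></html>
--BOUND--
"""

if __name__ == "__main__":
    print(attachment_is_suspicious("invoice.mht", SAMPLE_MHT))  # True
    print(attachment_is_suspicious("invoice.zip", zip_bytes("a.mht", SAMPLE_MHT)))  # True
```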
Categories
- Endpoint
- Web
- Cloud
- Application
Data Sources
- File
- Network Share
- Application Log
- Process
Created: 2023-06-21