
Attachment: PowerShell Content

Sublime Rules

Summary
The rule "Attachment: PowerShell Content" flags PowerShell scripts delivered as email attachments, either directly or inside archived files. The detection matters because typical mail filters may miss PowerShell scripts when they arrive in alternative file formats or inside archives that evade detection. The rule walks attachments and archives recursively and matches file extensions associated with PowerShell, namely .ps1, .ps1xml, .psm1, .psd1, .pssc, .psrc, .cdxml, .ps2, .ps2xml, and .psc2. It also inspects the contents of compressed archive formats, so nested or disguised scripts are covered. By examining files that may be obfuscated or hidden inside common archive types, the rule strengthens the security posture against malware and ransomware attacks that leverage PowerShell scripting.
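The recursive extension check the summary describes, as an added Python example that is not Sublime's own rule logic (Sublime rules are written in its own query language); it assumes attachments arrive as (filename, bytes) pairs, handles only zip archives, and runs over constructed sample input.

```python
import io
import os
import zipfile

# Extensions the rule summary associates with PowerShell content.
POWERSHELL_EXTS = {".ps1", ".ps1xml", ".psm1", ".psd1", ".pssc",
                   ".psrc", ".cdxml", ".ps2", ".ps2xml", ".psc2"}

def is_powershell_name(name: str) -> bool:
    # Case-insensitive: "Helpers.PSM1" must match as well as "helpers.psm1".
    return os.path.splitext(name.lower())[1] in POWERSHELL_EXTS

def find_powershell(name: str, data: bytes, depth: int = 0, max_depth: int = 5) -> list:
    # Returns archive-member paths joined with "/" that carry a PowerShell
    # extension. Zip archives are opened recursively; max_depth bounds the
    # recursion so a nested-zip bomb cannot exhaust the scanner.
    hits = [name] if is_powershell_name(name) else []
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.is_dir():
                    continue
                inner = zf.read(member)
                for hit in find_powershell(member.filename, inner, depth + 1, max_depth):
                    hits.append(f"{name}/{hit}")
    return hits

def scan_attachments(attachments) -> list:
    # attachments: iterable of (filename, bytes); returns every flagged path.
    flagged = []
    for name, data in attachments:
        flagged.extend(find_powershell(name, data))
    return flagged

def _build_zip(members: dict) -> bytes:
    # Constructed helper: build an in-memory zip from {member_name: bytes}.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

# Constructed sample attachments: a benign PDF, a module with an uppercase
# extension, and a zip nested in a zip that hides a .ps1 under a folder.
SAMPLE_ATTACHMENTS = [
    ("report.pdf", b"%PDF-1.4 constructed sample"),
    ("Helpers.PSM1", b"function Invoke-Thing {}"),
    ("invoice.zip", _build_zip({
        "inner.zip": _build_zip({"docs/run.ps1": b"Write-Host hi"}),
        "readme.txt": b"hello"})),
]
```

Running `scan_attachments(SAMPLE_ATTACHMENTS)` reports the uppercase module and the doubly nested script while leaving the PDF and text file alone.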
Categories
  • Endpoint
  • Network
  • Cloud
Data Sources
  • File
  • Container
  • Process
  • Web Credential
Created: 2022-05-17