
Attachment: HTML smuggling with hex strings

Sublime Rules

Summary
This detection rule identifies HTML smuggling that hides its payload in hex-encoded strings inside HTML files and common archive types. It recursively scans the targeted attachments, checking file extensions and file types to determine whether each one is a known HTML format or a common archive. When such a file is found, the rule inspects its contents for hexadecimal patterns, specifically character sequences matching particular regular expressions, that indicate obfuscation intended to evade detection. By combining archive analysis with content analysis, the rule aims to flag payloads that may be used for credential phishing or malware delivery, including ransomware.
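As an added illustration of the scan the summary describes (this is example code, not the rule's own logic or Sublime's query language; the extension sets, recursion depth and regular expressions are assumptions of this example), a Python version that recurses into zip attachments and flags HTML content carrying long runs of hex-encoded characters:

```python
import io
import re
import zipfile

# Assumed extension sets for this example; the rule's own lists are not on the page.
HTML_EXTS = {"html", "htm", "shtml", "xhtml"}
ARCHIVE_EXTS = {"zip"}

# Constructed patterns: a run of \xNN escapes, or a long bare hex string in quotes.
HEX_ESCAPE_RUN = re.compile(rb"(?:\\x[0-9a-fA-F]{2}){8,}")
BARE_HEX_RUN = re.compile(rb"[\"']([0-9a-fA-F]{64,})[\"']")

def _ext(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def _looks_like_html(data: bytes) -> bool:
    # Content check so a renamed HTML file (e.g. .txt) is still inspected.
    head = data[:512].lower()
    return b"<html" in head or b"<script" in head or b"<!doctype html" in head

def scan_attachment(name, data, depth=0, max_depth=3):
    """Return [(path, reason)] findings; recurses into zip archives up to max_depth."""
    findings = []
    if _ext(name) in ARCHIVE_EXTS and depth < max_depth:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    inner = zf.read(info)  # a production scanner would cap this size
                    for path, reason in scan_attachment(info.filename, inner, depth + 1, max_depth):
                        findings.append((f"{name}/{path}", reason))
        except zipfile.BadZipFile:
            findings.append((name, "unreadable archive"))
        return findings
    if _ext(name) in HTML_EXTS or _looks_like_html(data):
        if HEX_ESCAPE_RUN.search(data):
            findings.append((name, "run of \\xNN escapes"))
        if BARE_HEX_RUN.search(data):
            findings.append((name, "long quoted hex string"))
    return findings

# Constructed sample: an HTML file whose script stores markup as \xNN escapes, zipped.
SAMPLE_HTML = b'<html><script>var p="\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3e\\x61";</script></html>'

def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.html", SAMPLE_HTML)
    return buf.getvalue()
```

Calling `scan_attachment("invoice.zip", build_sample_zip())` reports the nested HTML file; a plain HTML body with no hex runs produces no findings.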
Categories
  • Endpoint
  • Web
  • Cloud
  • Application
Data Sources
  • File
  • Process
  • Network Traffic
  • Container
Created: 2023-02-01