
Attachment: HTML smuggling with raw array buffer

Sublime Rules

Summary
This detection rule flags HTML smuggling, a delivery technique in which an HTML attachment (possibly wrapped in one or more archives) carries its payload as a JavaScript array buffer and reconstructs the file in the recipient's browser instead of attaching or linking to it directly. The rule scopes itself to attachments whose extension is one commonly used for HTML documents or compressed archives, recursively explodes those files and any nested archives, and runs a regex over the extracted strings looking for raw array buffer patterns: runs of hexadecimal byte literals long enough to suggest an embedded, obfuscated payload rather than ordinary script data. It additionally checks the strings for '.map' file references, which point at JavaScript source maps and may be used in targeted attacks. The difficulty in this detection is twofold: the scan has to walk deeply nested file structures, and the extracted strings have to be interpreted carefully enough to separate legitimate byte arrays from smuggled content.
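The logic the summary describes, written out as an added Python illustration. This is not the Sublime rule itself (Sublime rules are written in MQL and the page does not reproduce this one); the extension lists, the 16-byte run threshold, the indicator names and the sample attachments below are assumptions made for the example, and the sample HTML and archives are constructed inline so it runs offline.

```python
"""
Added illustration (not the Sublime rule, which is written in MQL): recursively explode an
attachment, pull printable strings out of every file, and flag the two indicators the summary
names. Thresholds, extension lists and the sample attachments are assumptions.
"""
import io
import re
import zipfile

HTML_EXTENSIONS = {"html", "htm", "shtml", "dhtml"}   # assumed list of HTML-like extensions
ARCHIVE_EXTENSIONS = {"zip"}                          # assumption: only zip is exploded here

# Assumed threshold: a run of MIN_BYTES comma-separated 0xNN literals within one string,
# e.g. "0x4d, 0x5a, 0x90, 0x00, ...". Short tables (colour palettes, CRC constants) stay under it.
MIN_BYTES = 16
RAW_ARRAY_RE = re.compile(
    r"(?:0x[0-9a-f]{2}\s*,\s*){%d,}0x[0-9a-f]{2}" % (MIN_BYTES - 1), re.IGNORECASE
)
# A reference to a ".map" file, e.g. the "loader.js.map" in "//# sourceMappingURL=loader.js.map".
MAP_REF_RE = re.compile(r"[\w./-]+\.map\b", re.IGNORECASE)


def file_extension(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def explode(name, data):
    """Yield (path, bytes) for a file and, for zip archives, every member recursively."""
    yield name, data
    if file_extension(name) in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        yield from explode(f"{name}/{info.filename}", zf.read(info))
        except zipfile.BadZipFile:
            pass   # mislabelled archive: the outer bytes were already yielded and get scanned


def extract_strings(data, min_len=8):
    """Printable-ASCII runs of min_len+ characters, like the `strings` utility (a newline ends a run)."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def scan_attachment(name, data):
    """Return [(path, indicator, snippet), ...]; an empty list means the rule would not fire."""
    ext = file_extension(name)
    if ext not in HTML_EXTENSIONS and ext not in ARCHIVE_EXTENSIONS:
        return []   # the rule is scoped to HTML-like and archive extensions
    findings = []
    for path, blob in explode(name, data):
        for s in extract_strings(blob):
            m = RAW_ARRAY_RE.search(s)
            if m:
                findings.append((path, "raw_array_buffer", m.group()[:40] + "..."))
            m = MAP_REF_RE.search(s)
            if m:
                findings.append((path, "map_reference", m.group()))
    return findings


# ---- constructed samples (not real phishing content) ------------------------------------
def _hex_array(payload):
    return ", ".join(f"0x{b:02x}" for b in payload)

# Benign page: a four-entry colour table is well under the run threshold.
BENIGN_HTML = b"""<html><body>
<script>var palette = [0x00, 0x33, 0x66, 0x99];</script>
<p>Quarterly report attached.</p></body></html>"""

# Smuggling shape: inline byte array -> Blob -> forced download. The 32 bytes are filler.
SMUGGLED_HTML = (
    b"<html><body><script>\n"
    b"var bytes = new Uint8Array([" + _hex_array(bytes(range(0x4d, 0x4d + 32))).encode() + b"]);\n"
    b"var blob = new Blob([bytes], {type: 'application/octet-stream'});\n"
    b"var a = document.createElement('a'); a.href = URL.createObjectURL(blob);\n"
    b"a.download = 'payload.bin'; a.click();\n"
    b"//# sourceMappingURL=loader.js.map\n"
    b"</script></body></html>"
)

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, member_data in members.items():
            zf.writestr(member_name, member_data)
    return buf.getvalue()

# outer.zip -> inner.zip -> invoice.html: the nesting the summary says the rule has to walk.
NESTED_ZIP = make_zip({"inner.zip": make_zip({"invoice.html": SMUGGLED_HTML}),
                       "readme.txt": b"see attached"})

if __name__ == "__main__":
    for name, data in [("report.html", BENIGN_HTML), ("invoice.html", SMUGGLED_HTML),
                       ("outer.zip", NESTED_ZIP), ("notes.txt", SMUGGLED_HTML)]:
        print(name, "->", scan_attachment(name, data) or "no match")
```

Two points worth noting when reading the output: the `.txt` copy of the smuggling page does not fire, because the extension gate runs before anything is exploded, and the nested archive reports the finding against the innermost path, which is what an analyst needs to pull the right file. Because strings are extracted per line, a byte array that an attacker wraps across many lines would need the threshold applied to the concatenated script instead.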
Categories
  • Web
  • Endpoint
  • Cloud
  • Other
Data Sources
  • File
  • Container
  • Application Log
Created: 2022-12-09