Attachment: HTML smuggling with base64 encoded JavaScript function

Sublime Rules

Summary
This detection rule targets HTML smuggling, specifically attachments that carry Base64-encoded JavaScript functions inside HTML script tags. It applies to files that have an HTML-specific extension (such as .html or .htm), have no file extension at all, or are of an unrecognized file format. The technique is common because threat actors obfuscate malicious scripts in this way to deliver credential phishing pages. The rule uses a multi-layered check on the attachment's properties (file extension, file type and content type) and then inspects the attachment's content for Base64-encoded JavaScript. Given how often these tactics appear in phishing campaigns, the rule is an important control for identifying potentially harmful emails before they reach end users.
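To make the layered check concrete, here is an added example in Python that is not part of the Sublime rule or the Sublime Rules project: it first evaluates the attachment's extension and content type as described above, then searches script tags for long Base64 literals and decodes them to see whether they contain JavaScript. The extension list, the content-type list, the 40-character Base64 threshold and the JavaScript keyword list are assumptions chosen for the demonstration, and the sample attachments are constructed inline.

```python
import base64
import re
from typing import Optional

# Assumed attachment properties that the type check treats as suspicious.
HTML_EXTENSIONS = {"html", "htm"}
HTML_CONTENT_TYPES = {"text/html", "application/xhtml+xml"}
UNRECOGNIZED_CONTENT_TYPES = {"application/octet-stream", ""}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
# A quoted Base64 run of at least 40 characters (assumed threshold) inside a script body.
B64_LITERAL_RE = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")
# Tokens that suggest the decoded payload is executable JavaScript (assumed list).
JS_HINT_RE = re.compile(r"\b(function|document\.write|eval|window\.location|atob)\b")


def extension_of(filename: str) -> Optional[str]:
    """Return the lower-cased extension, or None when the name has none."""
    basename = filename.rsplit("/", 1)[-1]
    if "." not in basename:
        return None
    return basename.rsplit(".", 1)[-1].lower()


def attachment_type_is_suspicious(filename: str, content_type: str) -> bool:
    """Layer 1: HTML extension, no extension, or an unrecognized/HTML content type."""
    ext = extension_of(filename)
    if ext in HTML_EXTENSIONS or ext is None:
        return True
    return content_type in HTML_CONTENT_TYPES or content_type in UNRECOGNIZED_CONTENT_TYPES


def find_base64_javascript(html: str) -> list:
    """Layer 2: decode Base64 literals inside <script> tags and keep those that look like JS."""
    hits = []
    for script_body in SCRIPT_RE.findall(html):
        for literal in B64_LITERAL_RE.findall(script_body):
            try:
                decoded = base64.b64decode(literal, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue  # not valid Base64 or not text: ignore
            if JS_HINT_RE.search(decoded):
                hits.append(decoded)
    return hits


def evaluate_attachment(filename: str, content_type: str, body: str) -> dict:
    """Combine both layers; content is only inspected when the type check fires."""
    suspicious_type = attachment_type_is_suspicious(filename, content_type)
    decoded_js = find_base64_javascript(body) if suspicious_type else []
    return {
        "filename": filename,
        "suspicious_type": suspicious_type,
        "base64_js": decoded_js,
        "flagged": bool(decoded_js),
    }


# Constructed samples. The "smuggled" payload is a harmless function encoded at runtime
# so the Base64 string does not have to be typed by hand.
PAYLOAD_B64 = base64.b64encode(b'function greet(){document.write("hello");}').decode()
SMUGGLED_HTML = (
    '<html><body><script>var p="' + PAYLOAD_B64 + '";'
    "document.write(atob(p));</script></body></html>"
)
BENIGN_HTML = "<html><body><p>Quarterly report attached.</p></body></html>"

SAMPLE_ATTACHMENTS = [
    ("invoice", "application/octet-stream", SMUGGLED_HTML),  # no extension, unknown type
    ("report.html", "text/html", BENIGN_HTML),               # HTML but no encoded script
    ("notes.txt", "text/plain", SMUGGLED_HTML),              # type check does not fire
]


def scan_attachments(attachments) -> list:
    """Return the filenames of attachments the two-layer check flags."""
    return [r["filename"] for r in (evaluate_attachment(*a) for a in attachments) if r["flagged"]]


if __name__ == "__main__":
    for att in SAMPLE_ATTACHMENTS:
        print(evaluate_attachment(*att))
    print("flagged:", scan_attachments(SAMPLE_ATTACHMENTS))
```

Only the extensionless attachment with an unknown content type and a decodable JavaScript literal is flagged; the plain HTML report passes the type check but carries no encoded script, and the .txt file never reaches the content layer. A production rule would add the file-type (magic byte) layer the summary mentions and tune the threshold and keyword lists against real traffic.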
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • File
  • Web Credential
  • Container
Created: 2023-08-27