MortalKombat Ransomware and Tengyun Snake Attacks: Emerging Email Threats

Attachment-based malware is a persistent threat that just does not seem to die out. In early 2023, a new threat was exposed: ransomware named MortalKombat, which spreads through phishing emails and targets victims in the United States, then in the United Kingdom, Turkey, and the Philippines. At the same time, another threat emerged: an advanced persistent threat (APT) called APT-C-61, also known as Tengyun Snake, which operated in South Asia and expanded its scope to Iran, Turkey, and other countries, sharing a similar initial attack vector. These two emerging threats highlighted the need to move away from a detection-based approach and adopt prevention-based solutions.

The Kill

The two attacks might use a similar threat vector, phishing emails, but their kill chains are distinct from one another. For MortalKombat, the kill chain starts when the threat actor delivers a malicious ZIP attachment, which contains the malicious payload. Once the
