← Back to Explore
sublimelowRule
Stark Industries VM Servers: Suspicious Sender
A message originating from a VM server within the stark-industries.solutions infrastructure, which may indicate unauthorized use of their systems for malicious purposes.
Detection Query
type.inbound
and any(headers.domains,
regex.imatch(.domain, "vm\\d+\\.stark-industries\\.solutions"))
Data Sources
Email MessagesEmail HeadersEmail Attachments
Platforms
email
Tags
Attack surface reduction
Raw Content
name: "Stark Industries VM Servers: Suspicious Sender"
description: "A message originating from a VM server within the stark-industries.solutions infrastructure, which may indicate unauthorized use of their systems for malicious purposes."
type: "rule"
severity: "low"
source: |
type.inbound
and any(headers.domains,
regex.imatch(.domain, "vm\\d+\\.stark-industries\\.solutions"))
tags:
- "Attack surface reduction"
attack_types:
- "Credential Phishing"
- "Malware/Ransomware"
tactics_and_techniques:
- "Evasion"
- "Social engineering"
detection_methods:
- "Header analysis"