sublime | low | Rule

Stark Industries VM Servers: Suspicious Sender

A message originating from a VM server within the stark-industries.solutions infrastructure, which may indicate unauthorized use of their systems for malicious purposes.

MITRE ATT&CK

defense-evasion, initial-access

Detection Query

type.inbound
and any(headers.domains,
        regex.imatch(.domain, "vm\\d+\\.stark-industries\\.solutions"))
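
The same check sketched in Python over constructed Received headers (an added example, not part of the rule or of Sublime's own code). It assumes `headers.domains` corresponds to the hostnames named in Received hops and that `regex.imatch` is a case-insensitive match against the whole string; all sample hostnames and addresses are constructed.

```python
import re
from email import message_from_string

# Pattern copied from the rule (the doubled backslashes in the YAML are single here).
VM_HOST = re.compile(r"vm\d+\.stark-industries\.solutions", re.IGNORECASE)
# Assumption: hop hostnames are the tokens following "from" / "by" in Received headers.
HOP_HOST = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+\.[A-Za-z]{2,})", re.IGNORECASE)

def header_domains(raw_message):
    """Return the unique hostnames seen in Received headers, in order of appearance."""
    msg = message_from_string(raw_message)
    domains = []
    for value in msg.get_all("Received", []):
        for host in HOP_HOST.findall(value):
            host = host.rstrip(".").lower()
            if host not in domains:
                domains.append(host)
    return domains

def matching_hops(raw_message):
    """Hostnames that match the rule's pattern in full, not as a substring."""
    return [d for d in header_domains(raw_message) if VM_HOST.fullmatch(d)]

# Constructed sample: a hop that names a VM host, in mixed case.
SUSPICIOUS = (
    "Received: from VM4821.Stark-Industries.Solutions (unknown [203.0.113.10])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000\n"
    "From: sender@sender.example\n"
    "Subject: constructed sample\n\nbody\n"
)
# Constructed sample: a lookalike suffix and a non-VM host, neither should match.
BENIGN = (
    "Received: from vm12.stark-industries.solutions.mail.example (unknown [203.0.113.20])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:05:00 +0000\n"
    "Received: from mail.stark-industries.solutions (unknown [203.0.113.21])\n"
    "\tby relay.mail.example with ESMTP; Mon, 01 Jan 2024 10:04:00 +0000\n"
    "From: sender@sender.example\n\nbody\n"
)

if __name__ == "__main__":
    print(matching_hops(SUSPICIOUS))
    print(matching_hops(BENIGN))
```

Under the whole-string assumption, a hostname that merely contains the VM pattern as a prefix is not flagged, and neither is a non-`vm<digits>` host under the same domain.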

Data Sources

Email Messages, Email Headers, Email Attachments

Platforms

email

Tags

Attack surface reduction

Raw Content

name: "Stark Industries VM Servers: Suspicious Sender"
description: "A message originating from a VM server within the stark-industries.solutions infrastructure, which may indicate unauthorized use of their systems for malicious purposes."
type: "rule"
severity: "low"
source: |
    type.inbound
    and any(headers.domains,
            regex.imatch(.domain, "vm\\d+\\.stark-industries\\.solutions"))
tags:
  - "Attack surface reduction"
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Header analysis"