Sync from PR#2210
Create infra_abuse_hardbacon.yml by @aidenmitchell
#2210
Source SHA 66eff76
Triggered by @aidenmitchell
Sublime Rule Testing Bot committed Dec 10, 2024
1 parent 243597e commit 0c8af75
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions detection-rules/infra_abuse_hardbacon.yml
@@ -0,0 +1,21 @@
name: "Hardbacon infrastructure abuse"
description: "Hardbacon is a defunct Canadian budgeting app. Attackers have been observed using their marketing platform to send credential phishing messages."
type: "rule"
severity: "high"
source: |
type.inbound
and sender.email.domain.root_domain in ('hardbacon.com', 'hardbacon.ca')
and headers.auth_summary.dmarc.pass
and headers.auth_summary.spf.pass
attack_types:
- "Credential Phishing"
tactics_and_techniques:
- "Evasion"
- "Impersonation: Brand"
- "Social engineering"
detection_methods:
- "Header analysis"
- "Sender analysis"
id: "5330db42-10d2-5671-bcb2-a99449ac24c2"
testing_pr: 2210
testing_sha: 66eff76a518f360508bc71b32ccf9d9c82978108
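
Review bot: In the `source` block, requiring `headers.auth_summary.spf.pass` in addition to `headers.auth_summary.dmarc.pass` narrows the match more than the description suggests. DMARC can pass on DKIM alignment alone, so a message from `hardbacon.com` or `hardbacon.ca` that passes DMARC through DKIM but fails SPF (for example after forwarding) would not be flagged. Consider dropping the SPF line, or state in the description why both are required. Separately, the rule fires at `severity: "high"` on sender domain plus authentication results only, with no content signal, which rests entirely on the description's statement that Hardbacon is defunct; a `references` entry supporting that statement would help anyone who later has to judge whether legitimate mail from these domains has resumed.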
