Hardbacon infrastructure abuse

Hardbacon is a defunct Canadian budgeting app. Attackers have been observed using their marketing platform to send credential phishing messages.

Sublime rule (View on GitHub)

name: "Hardbacon infrastructure abuse"
description: "Hardbacon is a defunct Canadian budgeting app. Attackers have been observed using their marketing platform to send credential phishing messages."
type: "rule"
severity: "high"
source: |
  type.inbound
  and sender.email.domain.root_domain in ('hardbacon.com', 'hardbacon.ca')
  and headers.mailer == 'Sendinblue'
  and headers.auth_summary.dmarc.pass
  and headers.auth_summary.spf.pass

attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Evasion"
  - "Impersonation: Brand"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "Sender analysis"
id: "5330db42-10d2-5671-bcb2-a99449ac24c2"
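
The rule's four header conditions, applied to raw messages outside Sublime for triage or for testing a mail-log pipeline. This is an added example, not Sublime's code: it assumes `headers.mailer` corresponds to the `X-Mailer` header, uses a hypothetical receiving MTA name `mx.example.net`, does not model `type.inbound`, and runs on constructed sample messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ABUSED_ROOTS = {"hardbacon.com", "hardbacon.ca"}  # from the rule's source
TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own receiving MTA

def root_domain(addr):
    # Simplification: last two labels. Enough for .com/.ca; use the
    # Public Suffix List for general input.
    return ".".join(addr.rsplit("@", 1)[-1].lower().split(".")[-2:])

def auth_pass(msg, method):
    # Only trust Authentication-Results stamped by our own MTA (RFC 8601);
    # copies carried in from upstream are sender-controlled.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and re.search(
            rf"\b{method}=pass\b", results, re.I
        ):
            return True
    return False

def matches_rule(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    return (
        root_domain(sender) in ABUSED_ROOTS
        and (msg.get("X-Mailer") or "").strip() == "Sendinblue"
        and auth_pass(msg, "dmarc")
        and auth_pass(msg, "spf")
    )

def sample(sender, mailer, authserv, verdict):
    # Constructed test message, not taken from a real campaign.
    return (
        f"From: Support <{sender}>\n"
        f"X-Mailer: {mailer}\n"
        f"Authentication-Results: {authserv}; spf={verdict} smtp.mailfrom={sender};\n"
        f" dmarc={verdict} header.from={sender.split('@')[1]}\n"
        "Subject: Action required\n\nbody\n"
    )

ABUSE = sample("news@mail.hardbacon.com", "Sendinblue", "mx.example.net", "pass")
UNTRUSTED_AR = sample("news@hardbacon.ca", "Sendinblue", "upstream.invalid", "pass")
OTHER_SENDER = sample("news@shop.example.org", "Sendinblue", "mx.example.net", "pass")
AUTH_FAIL = sample("news@hardbacon.com", "Sendinblue", "mx.example.net", "fail")
```

The rule keys on authentication passing: mail sent through the brand's own marketing platform authenticates as the brand, so SPF and DMARC results alone do not separate it from legitimate mail.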