
Summary
The Hardbacon infrastructure abuse detection rule targets the use of a defunct Canadian budgeting app's marketing platform for credential phishing campaigns. Attackers abuse this legitimate email infrastructure to send phishing messages that look credible to recipients: they pose as Hardbacon and combine brand impersonation with social engineering to trick victims. The rule combines several conditions built on specific identifiers: it matches inbound email whose sending domain is either 'hardbacon.com' or 'hardbacon.ca', it verifies that the message was dispatched through the 'Sendinblue' mailer, and it requires that both the DMARC and SPF authentication checks passed. By inspecting email headers and sender information, the rule catches phishing attempts that would otherwise slip through because they pass authentication and carry a well-known brand, thereby protecting users from these impersonation-based attacks.
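As an added illustration, not part of the original page or the rule's own query, the following Python reproduces the rule's four conditions over two constructed messages. It assumes the mailer is exposed in an X-Mailer header and that DMARC/SPF verdicts are recorded in an Authentication-Results header; the message direction is passed in as a flag, since a raw message does not carry it.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail). The first satisfies every
# condition of the rule; the second fails DMARC and must not match.
MATCHING_MSG = """\
From: "Hardbacon" <news@hardbacon.ca>
To: user@example.org
Subject: Your account needs attention
X-Mailer: Sendinblue
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=hardbacon.ca; dmarc=pass header.from=hardbacon.ca

Please review your account.
"""

NON_MATCHING_MSG = """\
From: "Hardbacon" <news@hardbacon.com>
To: user@example.org
Subject: Newsletter
X-Mailer: Sendinblue
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=hardbacon.com; dmarc=fail header.from=hardbacon.com

Hello.
"""

RULE_DOMAINS = {"hardbacon.com", "hardbacon.ca"}   # sender domains named by the rule
RULE_MAILER = "sendinblue"                          # mailer named by the rule


def auth_result(msg, mechanism):
    """Return the verdict ('pass', 'fail', ...) that the Authentication-Results
    header reports for one mechanism (e.g. 'dmarc'), or None if it is absent."""
    hdr = msg.get("Authentication-Results", "")
    m = re.search(rf"\b{mechanism}=(\w+)", hdr, re.IGNORECASE)
    return m.group(1).lower() if m else None


def matches_hardbacon_rule(raw_message, inbound=True):
    """Evaluate the rule: inbound AND sender domain in RULE_DOMAINS AND mailer
    is Sendinblue AND dmarc=pass AND spf=pass. Returns True on a match."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()          # header From domain
    mailer = (msg.get("X-Mailer") or "").strip().lower()  # assumed mailer header
    return bool(inbound
                and domain in RULE_DOMAINS
                and mailer == RULE_MAILER
                and auth_result(msg, "dmarc") == "pass"
                and auth_result(msg, "spf") == "pass")
```

A production pipeline would take the direction and authentication verdicts from its own message metadata rather than trusting headers present in the raw message.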
Categories
- Web
- Identity Management
- Cloud
Data Sources
- User Account
- Process
- Network Traffic
- Application Log
Created: 2024-12-20