diff --git a/detection-rules/suspicious_matching_subject_sender_display_name.yml b/detection-rules/suspicious_matching_subject_sender_display_name.yml
new file mode 100644
index 00000000000..28dbef87d2a
--- /dev/null
+++ b/detection-rules/suspicious_matching_subject_sender_display_name.yml
@@ -0,0 +1,23 @@
+name: "Subject and sender display name contains matching long alphanumeric string"
+description: "Detects messages where both the subject line and sender display name contain identical alphanumeric strings that are between 32 and 64 characters, which may indicate automated generation or coordination between these fields for malicious purposes."
+type: "rule"
+severity: "low"
+source: |
+ type.inbound
+ and any(regex.iextract(subject.subject, '[^a-z0-9](?P[a-z0-9]{32,64})(?:$|[^a-z0-9])'),
+ strings.contains(sender.display_name, .named_groups["string"])
+ )
+
+tags:
+ - "Attack surface reduction"
+attack_types:
+ - "Malware/Ransomware"
+ - "Credential Phishing"
+tactics_and_techniques:
+ - "Evasion"
+ - "Social engineering"
+detection_methods:
+ - "Content analysis"
+ - "Header analysis"
+ - "Sender analysis"
+id: "a8a0c831-b7f7-5534-bc4a-f01ca879a619"
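Review bot: The regex in the `source` block declares a named group with no name, `(?P[a-z0-9]{32,64})`, while the predicate on the next line reads `.named_groups["string"]`; as shown the pattern would not compile, so this is most likely the angle-bracketed group name being dropped in rendering, and it is worth confirming the committed file actually reads `'[^a-z0-9](?P<string>[a-z0-9]{32,64})(?:$|[^a-z0-9])'`. The two boundaries of that pattern are asymmetric: the leading `[^a-z0-9]` requires a character before the token, so a subject that begins with the 32–64 character string is never extracted, whereas the trailing `(?:$|[^a-z0-9])` accepts end-of-string; `(?:^|[^a-z0-9])` at the start would make both ends consistent with the description's "contain". Since `regex.iextract` matches case-insensitively but the second check is `strings.contains`, a display name that differs from the subject token only in letter case is not matched; if that is not intended, `strings.icontains(sender.display_name, .named_groups["string"])` is the case-insensitive counterpart.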