This Dashboard was created to track potential Zoom-related intelligence and indicators after the news of Zoom being vulnerable was widely publicized. With many of us working from home these days, and more people being at home in general, attackers know they have a much larger number of Zoom users to exploit.
The Zoom-related Dashboard offers a single-pane-of-glass view into potential Zoom-related threats, aggregating all potentially related IOCs and Threat Intelligence products into one easy-to-digest Dashboard for quick analysis. Users can click on a Tag in the Zoom Related Tag card for more information on each Tag.
To create the Dashboard, use the following:
Zoom related tags: tag in ("zoom", "zoom conference", "specified targets: zoom")
Zoom Related Intelligence: (hasGroup( typename = ("Adversary", "Campaign", "Document", "Email", "Event", "Incident", "Intrusion Set", "Report", "Signature", "Task", "Threat") and tag in ("zoom", "zoom conference", "specified targets: zoom")) or tag in ("zoom", "zoom conference", "specified targets: zoom") or summary contains "zoom" or summary contains "zoom conference") and dateAdded > "02-01-2020"
Zoom Related IOCs: (hasGroup( typename = ("Adversary", "Campaign", "Document", "Email", "Event", "Incident", "Intrusion Set", "Report", "Signature", "Task", "Threat") and tag in ("zoom", "zoom conference", "specified targets: zoom")) or tag in ("zoom", "zoom conference", "specified targets: zoom") or summary contains "zoom" or summary contains "zoom conference") and dateAdded > "02-01-2020"
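An added example (not part of the original post and not the platform's own code): a Python re-implementation of the filter logic in the queries above, run over constructed records to show which clause admits each one. It assumes `contains` and tag matching are case-insensitive and that "02-01-2020" means February 1, 2020; the record field layout is hypothetical.

```python
from datetime import date

TAGS = {"zoom", "zoom conference", "specified targets: zoom"}  # from the queries above
GROUP_TYPES = {"Adversary", "Campaign", "Document", "Email", "Event", "Incident",
               "Intrusion Set", "Report", "Signature", "Task", "Threat"}
CUTOFF = date(2020, 2, 1)  # assumption: "02-01-2020" is MM-DD-YYYY

def has_tag(tags):
    # Assumption: tag comparison ignores case.
    return bool(TAGS & {t.lower() for t in tags})

def clauses(rec):
    """Names of the OR-clauses a record satisfies; empty if it fails dateAdded."""
    if rec["dateAdded"] <= CUTOFF:
        return []
    summary = rec["summary"].lower()  # assumption: case-insensitive substring match
    hits = []
    if any(g["type"] in GROUP_TYPES and has_tag(g["tags"]) for g in rec["groups"]):
        hits.append("hasGroup")
    if has_tag(rec["tags"]):
        hits.append("tag")
    if "zoom" in summary:
        hits.append("summary:zoom")
    if "zoom conference" in summary:
        hits.append("summary:zoom conference")
    return hits

def triage(records):
    """Split matches into analyst-corroborated (tag/group) and summary-only."""
    out = {"corroborated": [], "summary_only": []}
    for rec in records:
        hits = clauses(rec)
        if hits:
            key = "corroborated" if {"hasGroup", "tag"} & set(hits) else "summary_only"
            out[key].append(rec["summary"])
    return out

# Constructed sample records; field names are hypothetical, not a platform schema.
SAMPLES = [
    {"summary": "zoom-us-installer.example", "tags": [], "dateAdded": date(2020, 3, 30),
     "groups": [{"type": "Report", "tags": ["Zoom"]}]},
    {"summary": "photozoom-cdn.example", "tags": [], "dateAdded": date(2020, 4, 2), "groups": []},
    {"summary": "Zoom Conference invite lure", "tags": ["zoom conference"],
     "dateAdded": date(2020, 4, 5), "groups": []},
    {"summary": "zoom-download.example", "tags": ["zoom"], "dateAdded": date(2020, 1, 15), "groups": []},
    {"summary": "203.0.113.7", "tags": ["specified targets: zoom"],
     "dateAdded": date(2020, 3, 20), "groups": []},
]
```

Records that land in `summary_only` matched on the substring alone and deserve a second look before being treated as Zoom-related. Under the substring assumption, the `summary contains "zoom conference"` clause never fires without `summary contains "zoom"`, so it adds no results.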
Dashboard as of 4/10/2020