Playbook Fridays: Potential Zoom-related Threats Dashboard

This Dashboard was created to track potential Zoom-related intelligence and indicators after the news of Zoom being vulnerable was widely publicized. With many of us working from home these days, and more people at home in general, attackers know they have a much larger number of Zoom users to exploit.

The Zoom-related Dashboard offers a single-pane-of-glass view into potential Zoom-related threats, aggregating all potentially related IOCs and Threat Intelligence products into one easy-to-digest Dashboard for quick analysis. Users can click on a Tag in the Zoom Related Tag card for more information on each Tag.

To create the Dashboard, use the following:

Zoom Related Tags:
tag in ("zoom", "zoom conference", "specified targets: zoom")

Zoom Related Intelligence:
(hasGroup( typename = ("Adversary", "Campaign", "Document", "Email", "Event", "Incident", "Intrusion Set", "Report", "Signature", "Task", "Threat") and tag in ("zoom", "zoom conference", "specified targets: zoom")) or tag in ("zoom", "zoom conference", "specified targets: zoom") or summary contains "zoom" or summary contains "zoom conference") and dateAdded > "02-01-2020"

Zoom Related IOCs:
(hasGroup( typename = ("Adversary", "Campaign", "Document", "Email", "Event", "Incident", "Intrusion Set", "Report", "Signature", "Task", "Threat") and tag in ("zoom", "zoom conference", "specified targets: zoom")) or tag in ("zoom", "zoom conference", "specified targets: zoom") or summary contains "zoom" or summary contains "zoom conference") and dateAdded > "02-01-2020"
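To see which branch of the Intelligence/IOC query pulls a given record onto the Dashboard, the same predicate can be applied to exported records offline. The following Python sketch is an added example, not ThreatConnect code: the record field names are hypothetical, the sample records are constructed, and it assumes case-insensitive matching, substring semantics for "contains", and "02-01-2020" read as MM-DD-YYYY.

```python
from datetime import date

ZOOM_TAGS = {"zoom", "zoom conference", "specified targets: zoom"}
GROUP_TYPES = {"Adversary", "Campaign", "Document", "Email", "Event", "Incident",
               "Intrusion Set", "Report", "Signature", "Task", "Threat"}
CUTOFF = date(2020, 2, 1)  # assumption: "02-01-2020" is MM-DD-YYYY


def has_zoom_tag(tags):
    # Assumption: tag comparison is case-insensitive.
    return any(t.lower() in ZOOM_TAGS for t in tags)


def match_reason(rec):
    """Return the query branch a record satisfies, or None if it is excluded."""
    if rec["date_added"] <= CUTOFF:  # dateAdded > cutoff is a strict comparison
        return None
    for group in rec.get("groups", []):  # hasGroup(typename = (...) and tag in (...))
        if group["type"] in GROUP_TYPES and has_zoom_tag(group["tags"]):
            return "associated-group-tag"
    if has_zoom_tag(rec.get("tags", [])):  # tag in (...)
        return "tag"
    # 'summary contains "zoom conference"' is already implied by 'contains "zoom"'.
    if "zoom" in rec.get("summary", "").lower():
        return "summary-substring"
    return None


# Constructed sample records (not real indicators); field names are hypothetical.
SAMPLE = [
    {"summary": "meeting-installer.example", "tags": ["Zoom"], "groups": [],
     "date_added": date(2020, 4, 2)},
    {"summary": "198.51.100.7", "tags": [],
     "groups": [{"type": "Campaign", "tags": ["zoom conference"]}],
     "date_added": date(2020, 3, 30)},
    {"summary": "photo-zoomer.example", "tags": [], "groups": [],
     "date_added": date(2020, 4, 1)},   # matches on substring only
    {"summary": "zoom-update.example", "tags": ["zoom"], "groups": [],
     "date_added": date(2019, 12, 15)}, # tagged, but older than the cutoff
    {"summary": "203.0.113.9", "tags": ["phishing"], "groups": [],
     "date_added": date(2020, 4, 5)},
]


def triage(records):
    return [(r["summary"], match_reason(r)) for r in records]


if __name__ == "__main__":
    for summary, reason in triage(SAMPLE):
        print(f"{summary:28} {reason}")
```

Records that match only as "summary-substring" are the ones to review first for false positives, since any summary containing the letters "zoom" satisfies that branch.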

 

Dashboard as of 4/10/2020

About the Author
ThreatConnect
