Vendor: Zoom

April 15, 2026 · View on GitHub

Product: Zoom

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
11	5	5	4	0

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Ransomware	webconference-login ↳zoom-z-sk4-app-login-success-signin	T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts	1 Rules
Workforce Protection	web-meeting-started ↳zoom-z-json-meeting-start-success-started web-meeting-updated ↳zoom-z-json-meeting-modify-success-updated webconference-login ↳zoom-z-sk4-app-login-success-signin webconference-operations-activity ↳zoom-z-sk4-app-activity-success-operator	T1078 - Valid Accounts T1078.004 - Valid Accounts: Cloud Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1098 - Account Manipulation	11 Rules 5 Models

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Valid Accounts Valid Accounts: Cloud Accounts		Valid Accounts Account Manipulation	Valid Accounts	Valid Accounts					Proxy: Multi-hop Proxy Proxy