[New RogueApp]: Zoominfo Login

[HuskyHacks]

⚠️ Please include as much detail as possible. Please do not submit any private, sensitive, and/or proprietary information.

• Contributor Name: [your name, research group name, or handle]
• RogueApp Name: [the name of the RogueApp]
• RogueApp Description: [the description of the RogueApp and the summary of how it is used maliciously.]
• App Owner Organization ID: [the ID of the organization that owns the RogueApp]
• App Publisher Name: [the name of the publisher of the RogueApp]
• App Publisher ID: [the ID of the publisher of the RogueApp]
• Permissions: [the permissions that the application uses, including the resource, permission scope, and type, i.e. Microsoft Graph - openid - Delegated]
• Tags: [any applicable tags, i.e. BEC, persistence, spam. Comma separated]
• MITRE ATT&CK IDs: [any applicable MITRE ATT&CK IDs. Comma separated]
• References: [References for the observed TTPs for the RogueApp. We require writeups on the specific adversary tactics for any submitted RogueApp. References can also include the official application documentation.]
• Date Added: [the date when the RogueApp was added to the repository]

Reference

The RogueApp specification is defined in types.ts. Please submit as much information as you can for each field (it does not have to be 100% complete but please submit everything you can!)

[syne0]

Contributor Name: Syne0 RogueApp Name: ZoomInfo Login RogueApp Description: ZoomInfo is a business intelligence platform that contains a large database of company and contact information. It is possible to use ZoomInfo via SSO with a Microsoft365 account, which creates this service principal within a tenant. App ID: 858d7e42-35f0-44b7-9033-df309239a4f7 App Owner Organization ID: 945a9641-35c7-435c-a5a0-c8753e6dff88 App Publisher Name: App Publisher ID: Permissions: Microsoft Graph: User.Read (Delegated) Microsoft Graph: email (Delegated) Microsoft Graph: openid (Delegated) Microsoft Graph: profile (Delegated) Tags: persistence MITRE ATT&CK IDs: T1136.003 References: https://cybercorner.tech/common-oauth-apps-used-in-business-email-compromise/#ZoomInfo, https://abnormalsecurity.com/blog/cybercriminals-exploit-b2b-lead-generation-tools Date Added: [the date when the RogueApp was added to the repository]