Merge PR #5381 from @david-syk - Update MITRE ATT&CK tags

david-syk · web-flow · commit 95b6dd857399 · 2025-04-25T20:55:51.000+02:00
chore: update multiple mitre att&amp;ck tags
diff --git a/rules/application/rpc_firewall/rpc_firewall_sharphound_recon_sessions.yml b/rules/application/rpc_firewall/rpc_firewall_sharphound_recon_sessions.yml
@@ -11,6 +11,7 @@ author: Sagie Dulce, Dekel Paz
 date: 2022-01-01
 modified: 2022-01-01
 tags:
+    - attack.discovery
     - attack.t1033
 logsource:
     product: rpc_firewall
diff --git a/rules/cloud/bitbucket/audit/bitbucket_audit_user_permissions_export_attempt_detected.yml b/rules/cloud/bitbucket/audit/bitbucket_audit_user_permissions_export_attempt_detected.yml
@@ -9,6 +9,8 @@ author: Muhammad Faisal (@faisalusuf)
 date: 2024-02-25
 tags:
     - attack.reconnaissance
+    - attack.collection
+    - attack.discovery
     - attack.t1213
     - attack.t1082
     - attack.t1591.004
diff --git a/rules/windows/process_creation/proc_creation_win_hktl_sharpup.yml b/rules/windows/process_creation/proc_creation_win_hktl_sharpup.yml
@@ -9,6 +9,8 @@ date: 2022-08-20
 modified: 2023-02-13
 tags:
     - attack.privilege-escalation
+    - attack.discovery
+    - attack.execution
     - attack.t1615
     - attack.t1569.002
     - attack.t1574.005
diff --git a/rules/windows/process_creation/proc_creation_win_hktl_winpeas.yml b/rules/windows/process_creation/proc_creation_win_hktl_winpeas.yml
@@ -10,6 +10,7 @@ date: 2022-09-19
 modified: 2023-03-23
 tags:
     - attack.privilege-escalation
+    - attack.discovery
     - attack.t1082
     - attack.t1087
     - attack.t1046
diff --git a/rules/windows/process_creation/proc_creation_win_regedit_export_critical_keys.yml b/rules/windows/process_creation/proc_creation_win_regedit_export_critical_keys.yml
@@ -13,6 +13,7 @@ date: 2020-10-12
 modified: 2024-03-13
 tags:
     - attack.exfiltration
+    - attack.discovery
     - attack.t1012
 logsource:
     category: process_creation
diff --git a/rules/windows/process_creation/proc_creation_win_regedit_export_keys.yml b/rules/windows/process_creation/proc_creation_win_regedit_export_keys.yml
@@ -13,6 +13,7 @@ date: 2020-10-07
 modified: 2024-03-13
 tags:
     - attack.exfiltration
+    - attack.discovery
     - attack.t1012
 logsource:
     category: process_creation
diff --git a/rules/windows/process_creation/proc_creation_win_webshell_chopper.yml b/rules/windows/process_creation/proc_creation_win_webshell_chopper.yml
@@ -8,6 +8,7 @@ author: Florian Roth (Nextron Systems), MSTI (query)
 date: 2022-10-01
 tags:
     - attack.persistence
+    - attack.discovery
     - attack.t1505.003
     - attack.t1018
     - attack.t1033
diff --git a/rules/windows/process_creation/proc_creation_win_webshell_hacking.yml b/rules/windows/process_creation/proc_creation_win_webshell_hacking.yml
@@ -10,6 +10,7 @@ date: 2022-03-17
 modified: 2023-11-09
 tags:
     - attack.persistence
+    - attack.discovery
     - attack.t1505.003
     - attack.t1018
     - attack.t1033
diff --git a/rules/windows/process_creation/proc_creation_win_webshell_recon_commands_and_processes.yml b/rules/windows/process_creation/proc_creation_win_webshell_recon_commands_and_processes.yml
@@ -11,6 +11,7 @@ date: 2017-01-01
 modified: 2024-12-14
 tags:
     - attack.persistence
+    - attack.discovery
     - attack.t1505.003
     - attack.t1018
     - attack.t1033
