diff --git a/modules/auxiliary/admin/smb/change_password.rb b/modules/auxiliary/admin/smb/change_password.rb
index 3f05693615..f4df27d0c1 100644
--- a/modules/auxiliary/admin/smb/change_password.rb
+++ b/modules/auxiliary/admin/smb/change_password.rb
@@ -26,6 +26,7 @@ class MetasploitModule < Msf::Auxiliary
 ],
 'References' => [
 ['URL', 'https://github.com/fortra/impacket/blob/master/examples/changepasswd.py'],
+ [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
 ],
 'Notes' => {
 'Stability' => [CRASH_SAFE],
diff --git a/modules/auxiliary/admin/smb/delete_file.rb b/modules/auxiliary/admin/smb/delete_file.rb
index 1b65c2b2b6..747ffc749c 100644
--- a/modules/auxiliary/admin/smb/delete_file.rb
+++ b/modules/auxiliary/admin/smb/delete_file.rb
@@ -30,6 +30,9 @@ class MetasploitModule < Msf::Auxiliary
 'mubix' # copied from hdm upload_file module
 ],
 'License' => MSF_LICENSE,
+ 'References' => [
+ [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
+ ],
 'Notes' => {
 'Stability' => [OS_RESOURCE_LOSS],
 'SideEffects' => [],
diff --git a/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb b/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb
index f9ff4e0698..5eaf3be37d 100644
--- a/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb
+++ b/modules/auxiliary/admin/smb/psexec_ntdsgrab.rb
@@ -35,7 +35,8 @@ class MetasploitModule < Msf::Auxiliary
 'References' => [
 [ 'URL', 'http://sourceforge.net/projects/smbexec' ],
 [ 'URL', 'https://www.optiv.com/blog/owning-computers-without-shell-access' ],
- [ 'ATT&CK', Mitre::Attack::Technique::T1003_003_NTDS ]
+ [ 'ATT&CK', Mitre::Attack::Technique::T1003_003_NTDS ],
+ [ 'ATT&CK', Mitre::Attack::Technique::T1021_002_SMB_WINDOWS_ADMIN_SHARES ]
 ],
 'Notes' => {
 'Stability' => [CRASH_SAFE],
diff --git a/modules/exploits/linux/misc/igel_command_injection.rb b/modules/exploits/linux/misc/igel_command_injection.rb
index 666de0b0b2..72e42d2fbc 100644
--- a/modules/exploits/linux/misc/igel_command_injection.rb
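Review bot: The `T1021_002_SMB_WINDOWS_ADMIN_SHARES` reference added in change_password.rb records only the SMB transport and not what the module appears to do (judging by the file name, a password change), so a defender filtering modules by technique to check detection coverage would not find it under account manipulation. The same applies to the new `'References'` list in delete_file.rb, where the ATT&CK entry is the only reference and the deletion itself is not represented. psexec_ntdsgrab.rb in this same diff shows the fuller pattern, keeping `T1003_003_NTDS` for the action next to the SMB technique. I would pair each entry with the technique for the action (likely T1098 Account Manipulation and T1070.004 File Deletion; confirm the matching constants exist under `Mitre::Attack::Technique`), or add a trailing comment such as `# transport only: SMB admin shares` to make the choice explicit. The enclosing info hash starts and ends outside both hunks.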
+++ b/modules/exploits/linux/misc/igel_command_injection.rb
@@ -36,6 +36,7 @@ class MetasploitModule < Msf::Exploit::Remote
 [ 'CVE', '2025-34082' ],
 [ 'URL', 'https://kb.igel.com/securitysafety/en/isn-2021-01-igel-os-remote-command-execution-vulnerability-41449239.html' ],
 [ 'URL', 'https://www.igel.com/wp-content/uploads/2021/02/lxos_11.04.270.txt' ],
+ [ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ], # Telnet service
 [ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
 ],
 'Platform' => ['linux'],
diff --git a/modules/exploits/multi/http/tomcat_mgr_upload.rb b/modules/exploits/multi/http/tomcat_mgr_upload.rb
index 26e896fa58..1530e752cb 100644
--- a/modules/exploits/multi/http/tomcat_mgr_upload.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_upload.rb
@@ -62,7 +62,8 @@ class MetasploitModule < Msf::Exploit::Remote
 ['BID', '36954'], # tomcat docs
- ['URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html']
+ ['URL', 'http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html'],
+ ['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES],
 ],
 'Platform' => %w{java linux win}, # others?
 'Targets' => [
diff --git a/modules/post/osx/gather/vnc_password_osx.rb b/modules/post/osx/gather/vnc_password_osx.rb
index 9a0b79e659..b78df4ad99 100644
--- a/modules/post/osx/gather/vnc_password_osx.rb
+++ b/modules/post/osx/gather/vnc_password_osx.rb
@@ -23,10 +23,7 @@ class MetasploitModule < Msf::Post
 'Stability' => [CRASH_SAFE],
 'SideEffects' => [],
 'Reliability' => []
- },
- 'References' => [
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ]
- ]
+ }
 )
 )
 end
diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb
index 944a55ebf3..4e09ec5286 100644
--- a/modules/post/windows/gather/credentials/mremote.rb
+++ b/modules/post/windows/gather/credentials/mremote.rb
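Review bot: The `T1021_REMOTE_SERVICES` entry added in tomcat_mgr_upload.rb has no rationale, whereas the igel_command_injection.rb hunk annotates the same constant with `# Telnet service`. T1021 covers logging in to remote-access services, and the surrounding references here are a BID and the Tomcat manager how-to, so a reader cannot tell which service the mapping refers to or whether a web-application technique was considered instead. Add a trailing comment naming the service, and drop the trailing comma so the last element matches the other reference lists in this change: `['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES] # Tomcat Manager application`. The reference list begins above the hunk.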
@@ -33,12 +33,7 @@ class MetasploitModule < Msf::Post
 'Stability' => [CRASH_SAFE],
 'SideEffects' => [],
 'Reliability' => []
- },
- 'References' => [
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL ],
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_005_VNC ],
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
- ]
+ }
 )
 )
 end
diff --git a/modules/post/windows/gather/credentials/rdc_manager_creds.rb b/modules/post/windows/gather/credentials/rdc_manager_creds.rb
index e4fcc396c3..da9b5ba7cc 100644
--- a/modules/post/windows/gather/credentials/rdc_manager_creds.rb
+++ b/modules/post/windows/gather/credentials/rdc_manager_creds.rb
@@ -51,10 +51,7 @@ class MetasploitModule < Msf::Post
 stdapi_sys_process_memory_write
 ]
 }
- },
- 'References' => [
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES ]
- ]
+ }
 )
 )
 end
diff --git a/modules/post/windows/manage/enable_rdp.rb b/modules/post/windows/manage/enable_rdp.rb
index 3c22f2ff73..446b93b1bd 100644
--- a/modules/post/windows/manage/enable_rdp.rb
+++ b/modules/post/windows/manage/enable_rdp.rb
@@ -28,10 +28,7 @@ class MetasploitModule < Msf::Post
 'Stability' => [CRASH_SAFE],
 'SideEffects' => [CONFIG_CHANGES],
 'Reliability' => []
- },
- 'References' => [
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_001_REMOTE_DESKTOP_PROTOCOL ]
- ]
+ }
 )
 )
diff --git a/modules/post/windows/manage/install_ssh.rb b/modules/post/windows/manage/install_ssh.rb
index 8e5dc256d1..0bba0056f9 100644
--- a/modules/post/windows/manage/install_ssh.rb
+++ b/modules/post/windows/manage/install_ssh.rb
@@ -24,8 +24,7 @@ class MetasploitModule < Msf::Post
 'SessionTypes' => [ 'meterpreter', 'shell' ],
 'References' => [
 ['URL', 'https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview'],
- ['URL', 'https://github.com/PowerShell/openssh-portable'],
- ['ATT&CK', Mitre::Attack::Technique::T1021_004_SSH]
+ ['URL', 'https://github.com/PowerShell/openssh-portable']
 ],
 'Notes' => {
 'Stability' => [CRASH_SAFE],
diff --git a/modules/post/windows/manage/sshkey_persistence.rb b/modules/post/windows/manage/sshkey_persistence.rb
index e14975d2cf..c634cf5bd3 100644
--- a/modules/post/windows/manage/sshkey_persistence.rb
+++ b/modules/post/windows/manage/sshkey_persistence.rb
@@ -38,10 +38,7 @@ class MetasploitModule < Msf::Post
 'Stability' => [CRASH_SAFE],
 'SideEffects' => [ARTIFACTS_ON_DISK],
 'Reliability' => []
- },
- 'References' => [
- [ 'ATT&CK', Mitre::Attack::Technique::T1021_004_SSH ]
- ]
+ }
 )
 )