diff --git a/deprecated/windows/net_connection_win_binary_github_com.yml b/deprecated/windows/net_connection_win_binary_github_com.yml
index cb8c86031..b43165d53 100644
--- a/deprecated/windows/net_connection_win_binary_github_com.yml
+++ b/deprecated/windows/net_connection_win_binary_github_com.yml
@@ -10,7 +10,7 @@ author: Michael Haag (idea), Florian Roth (Nextron Systems)
 date: 2017/08/24
 modified: 2023/04/18
 tags:
- - attack.lateral_movement
+ - attack.command_and_control
 - attack.t1105
 - attack.exfiltration
 - attack.t1567.001
diff --git a/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml b/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml
index 6b226ce0a..3813a80c3 100644
--- a/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml
+++ b/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml
@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
 date: 2020/07/03
 modified: 2022/06/02
 tags:
- - attack.defense_evasion
+ - attack.command_and_control
 - attack.t1105
 logsource:
 product: windows
diff --git a/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml b/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml
index e0db8b576..8ce9e76fd 100644
--- a/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml
+++ b/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml
@@ -15,7 +15,7 @@ author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems
 date: 2018/08/30
 modified: 2024/02/09
 tags:
- - attack.lateral_movement
+ - attack.command_and_control
 - attack.t1105
 logsource:
 category: network_connection
diff --git a/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml b/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml
index 4c9c69806..ae41264ca 100755
--- a/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml
+++ b/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml
@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
 date: 2017/06/01
 modified: 2022/10/09
 tags:
- - attack.lateral_movement
+ - attack.command_and_control
 - attack.t1105
 logsource:
 category: registry_event
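Review bot: Replacing `- attack.lateral_movement` with `- attack.command_and_control` under `tags:` may discard the original intent of this rule rather than correct it. T1105 used to cover both tactics, and ATT&CK has since moved the lateral part to T1570 (Lateral Tool Transfer). The detection section is outside this hunk, so this is unconfirmed, but if the rule targets an implant that spreads through shared files on the local network, `- attack.lateral_movement` with `- attack.t1570` would keep the tactic and technique consistent. As written, the rule moves to a different column in ATT&CK coverage reports, so anyone tracking lateral-movement coverage loses this entry.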