diff --git a/rules/windows/driver_load/driver_load_vuln_drivers_names.yml b/rules/windows/driver_load/driver_load_vuln_drivers_names.yml index 94991aa73..6011de40e 100644 --- a/rules/windows/driver_load/driver_load_vuln_drivers_names.yml +++ b/rules/windows/driver_load/driver_load_vuln_drivers_names.yml @@ -16,6 +16,9 @@ references: - https://github.com/stong/CVE-2020-15368 - https://github.com/CaledoniaProject/drivers-binaries date: 2022/10/03 +tags: + - attack.privilege_escalation + - attack.t1543.003 logsource: product: windows category: driver_load @@ -162,6 +165,3 @@ falsepositives: - Some false positives may occure if one of the vulnerable driver names mentioned above didn't change it's name between versions. So always make sure that the driver being loaded is the legitimate one and the non vulnerable version. - If you experience a lot of FP you could comment the driver name or it's exact known legitimate location (when possible) level: medium -tags: - - attack.privilege_escalation - - attack.t1543.003
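Review bot: the `tags` block added after `date:` in the first hunk is identical to the one removed at the end of the file, so this is a pure reorder that brings the field order in line with the `date` / `tags` / `logsource` sequence used across the Sigma rule set; since neither the detection logic nor the ATT&CK mapping changes, no `modified:` date is needed, but the commit message (not shown here) should state that this is a metadata reorder only so reviewers do not look for a behavioural change.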
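Review bot: the unchanged `falsepositives` context lines in the second hunk carry several typos and one unclear sentence that could be fixed while the file is already being touched: "occure" should be "occur", "it's name" and "it's exact" should be "its name" and "its exact", and "comment the driver name" should read "comment out the driver name". The first bullet is also hard to parse; it is trying to say that a vendor may ship the patched driver under the same file name as the vulnerable one, so a match on the name alone cannot tell the two apart. A clearer wording would be: "False positives are possible when a vendor keeps the same driver file name across vulnerable and fixed versions. Always confirm that the loaded driver is the legitimate, non-vulnerable build (for example by checking its hash, signature or version) rather than relying on the name match alone."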