diff --git a/rules-emerging-threats/2021/TA/HAFNIUM/proc_creation_win_apt_hafnium.yml b/rules-emerging-threats/2021/TA/HAFNIUM/proc_creation_win_apt_hafnium.yml
index 33cebae52..64f968112 100644
--- a/rules-emerging-threats/2021/TA/HAFNIUM/proc_creation_win_apt_hafnium.yml
+++ b/rules-emerging-threats/2021/TA/HAFNIUM/proc_creation_win_apt_hafnium.yml
@@ -15,6 +15,7 @@ tags:
 - attack.persistence
 - attack.t1546
 - attack.t1053
+ - attack.g0125
 - detection.emerging_threats
 logsource:
 category: process_creation
diff --git a/rules-emerging-threats/2021/TA/HAFNIUM/web_exchange_exploitation_hafnium.yml b/rules-emerging-threats/2021/TA/HAFNIUM/web_exchange_exploitation_hafnium.yml
index b5bd44e99..d09df9fad 100644
--- a/rules-emerging-threats/2021/TA/HAFNIUM/web_exchange_exploitation_hafnium.yml
+++ b/rules-emerging-threats/2021/TA/HAFNIUM/web_exchange_exploitation_hafnium.yml
@@ -11,6 +11,7 @@ modified: 2023/01/02
 tags:
 - attack.initial_access
 - attack.t1190
+ - attack.g0125
 - detection.emerging_threats
 logsource:
 category: webserver
diff --git a/rules-emerging-threats/2023/TA/EquationGroup/net_dns_apt_equation_group_triangulation_c2_coms.yml b/rules-emerging-threats/2023/TA/EquationGroup/net_dns_apt_equation_group_triangulation_c2_coms.yml
index 913d4f9f5..3850fbec3 100644
--- a/rules-emerging-threats/2023/TA/EquationGroup/net_dns_apt_equation_group_triangulation_c2_coms.yml
+++ b/rules-emerging-threats/2023/TA/EquationGroup/net_dns_apt_equation_group_triangulation_c2_coms.yml
@@ -12,6 +12,7 @@ author: Florian Roth (Nextron Systems)
 date: 2023/06/01
 tags:
 - attack.command_and_control
+ - attack.g0020
 - detection.emerging_threats
 logsource:
 category: dns
diff --git a/rules-emerging-threats/2023/TA/EquationGroup/proxy_apt_equation_group_triangulation_c2_coms.yml b/rules-emerging-threats/2023/TA/EquationGroup/proxy_apt_equation_group_triangulation_c2_coms.yml
index da3dfcd35..09f41413f 100644
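Review bot: The group tag is added to web_exchange_exploitation_hafnium.yml without touching the rule's `modified:` field — the hunk header shows `modified: 2023/01/02` as the line directly above `tags:`, and nothing in the hunk changes it. If this repository treats a tag change as a rule modification, the field should be bumped to the date of this change, e.g. `modified: YYYY/MM/DD` (placeholder), since consumers that pick up rule updates by `modified` date would otherwise miss the new tag. The same applies to every other hunk in this commit (proc_creation_win_apt_hafnium.yml, the EquationGroup, FIN7, Lazarus and Mustang-Panda rules): none of them touches a `modified:` line, though for those files only `date:` or nothing is visible above `tags:`, so whether a `modified:` field already exists there cannot be seen from the hunks.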
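Review bot: `attack.g0020` on net_dns_apt_equation_group_triangulation_c2_coms.yml (and on the proxy rule in the following hunk) encodes a confident actor mapping for the Triangulation C2 rules, but as far as the hunk shows the only basis visible is the directory and file name; the rule's `description:` and `references:` lie outside the hunk, so whether they cite a source for that attribution is not visible. Group tags are consumed downstream as an attribution statement, so if the Equation Group link is a reporting claim rather than a confirmed one, a sentence in the description or a supporting reference would keep the tag from overstating confidence. The enclosing rule body starts and ends outside the hunk.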
--- a/rules-emerging-threats/2023/TA/EquationGroup/proxy_apt_equation_group_triangulation_c2_coms.yml
+++ b/rules-emerging-threats/2023/TA/EquationGroup/proxy_apt_equation_group_triangulation_c2_coms.yml
@@ -12,6 +12,7 @@ author: Florian Roth (Nextron Systems)
 date: 2023/06/01
 tags:
 - attack.command_and_control
+ - attack.g0020
 - detection.emerging_threats
 logsource:
 category: proxy
diff --git a/rules-emerging-threats/2023/TA/FIN7/file_event_win_apt_fin7_powershell_scripts_naming_convention.yml b/rules-emerging-threats/2023/TA/FIN7/file_event_win_apt_fin7_powershell_scripts_naming_convention.yml
index e130d292f..a97a37877 100644
--- a/rules-emerging-threats/2023/TA/FIN7/file_event_win_apt_fin7_powershell_scripts_naming_convention.yml
+++ b/rules-emerging-threats/2023/TA/FIN7/file_event_win_apt_fin7_powershell_scripts_naming_convention.yml
@@ -8,6 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/05/04
 tags:
 - attack.execution
+ - attack.g0046
 - detection.emerging_threats
 logsource:
 category: file_event
diff --git a/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powerhold.yml b/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powerhold.yml
index ef1789633..dd4828d7a 100644
--- a/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powerhold.yml
+++ b/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powerhold.yml
@@ -9,6 +9,7 @@ date: 2023/05/04
 tags:
 - attack.execution
 - attack.t1059.001
+ - attack.g0046
 - detection.emerging_threats
 logsource:
 product: windows
diff --git a/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powertrash_execution.yml b/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powertrash_execution.yml
index e55581be4..38519e2c8 100644
--- a/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powertrash_execution.yml
+++ b/rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powertrash_execution.yml
@@ -9,6 +9,7 @@ date: 2023/05/04
 tags:
 - attack.execution
 - attack.t1059.001
+ - attack.g0046
 - detection.emerging_threats
 logsource:
 product: windows
diff --git a/rules-emerging-threats/2023/TA/FIN7/proc_creation_win_apt_fin7_powertrash_lateral_movement.yml b/rules-emerging-threats/2023/TA/FIN7/proc_creation_win_apt_fin7_powertrash_lateral_movement.yml
index 8a5118dfa..9195364bc 100644
--- a/rules-emerging-threats/2023/TA/FIN7/proc_creation_win_apt_fin7_powertrash_lateral_movement.yml
+++ b/rules-emerging-threats/2023/TA/FIN7/proc_creation_win_apt_fin7_powertrash_lateral_movement.yml
@@ -10,6 +10,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/05/04
 tags:
 - attack.execution
+ - attack.g0046
 - detection.emerging_threats
 logsource:
 category: process_creation
diff --git a/rules-emerging-threats/2023/TA/Lazarus/image_load_apt_lazarus_side_load_activity.yml b/rules-emerging-threats/2023/TA/Lazarus/image_load_apt_lazarus_side_load_activity.yml
index 680ed7a93..c9323758c 100644
--- a/rules-emerging-threats/2023/TA/Lazarus/image_load_apt_lazarus_side_load_activity.yml
+++ b/rules-emerging-threats/2023/TA/Lazarus/image_load_apt_lazarus_side_load_activity.yml
@@ -12,6 +12,7 @@ tags:
 - attack.privilege_escalation
 - attack.t1574.001
 - attack.t1574.002
+ - attack.g0032
 - detection.emerging_threats
 logsource:
 product: windows
diff --git a/rules-emerging-threats/2023/TA/Mustang-Panda-Australia-Campaign/proc_creation_win_apt_mustang_panda_indicators.yml b/rules-emerging-threats/2023/TA/Mustang-Panda-Australia-Campaign/proc_creation_win_apt_mustang_panda_indicators.yml
index 4d4c002d1..0e86da4b0 100644
--- a/rules-emerging-threats/2023/TA/Mustang-Panda-Australia-Campaign/proc_creation_win_apt_mustang_panda_indicators.yml
+++ b/rules-emerging-threats/2023/TA/Mustang-Panda-Australia-Campaign/proc_creation_win_apt_mustang_panda_indicators.yml
@@ -8,6 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/05/15
 tags:
 - attack.execution
+ - attack.g0129
 - detection.emerging_threats
 logsource:
 category: process_creation