Merge PR #4392 from @tjgeorgen - Update MITRE Tags

- update: update MITRE tags for multiple rules

---------

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>

rules/windows/powershell/powershell_script/posh_ps_dotnet_assembly_from_file.yml

@@ -6,6 +6,9 @@ references:
     - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse?slide=50
 author: frack113
 date: 2022/12/25
+tags:
+    - attack.defense_evasion
+    - attack.t1620
 logsource:
     product: windows
     category: ps_script

rules/windows/powershell/powershell_script/posh_ps_download_com_cradles.yml

@@ -10,6 +10,9 @@ references:
     - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse?slide=57
 author: frack113
 date: 2022/12/25
+tags:
+    - attack.command_and_control
+    - attack.t1105
 logsource:
     product: windows
     category: ps_script

rules/windows/powershell/powershell_script/posh_ps_frombase64string_archive.yml

@@ -9,6 +9,9 @@ references:
     - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse?slide=43
 author: frack113
 date: 2022/12/23
+tags:
+    - attack.command_and_control
+    - attack.t1132.001
 logsource:
     product: windows
     category: ps_script

rules/windows/powershell/powershell_script/posh_ps_x509enrollment.yml

@@ -11,6 +11,9 @@ references:
     - https://learn.microsoft.com/en-us/dotnet/api/microsoft.hpc.scheduler.store.cx509enrollmentwebclassfactoryclass?view=hpc-sdk-5.1.6115
 author: frack113
 date: 2022/12/23
+tags:
+    - attack.defense_evasion
+    - attack.t1553.004
 logsource:
     product: windows
     category: ps_script