diff --git a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
index 62a448333..fd011bbe5 100644
--- a/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
+++ b/rules/windows/sysmon/silenttrinity_stager_msbuild_activity.yml
@@ -5,9 +5,9 @@ references:
     - https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/
 tags:
     - attack.execution
-    - attack.t1127.001
-    - attack.tA0002
-    - attack.t1127
+    - attack.ta0002
+    - attack.t1127.001 
+    - attack.t1127  #an old one
 status: experimental
 author: Kiran kumar s, oscd.community
 date: 2020/10/11