diff --git a/rules/windows/process_creation/win_susp_bginfo.yml b/rules/windows/process_creation/win_susp_bginfo.yml
index 8fb1b0591..e18d5955d 100644
--- a/rules/windows/process_creation/win_susp_bginfo.yml
+++ b/rules/windows/process_creation/win_susp_bginfo.yml
@@ -8,7 +8,6 @@ author: Beyu Denis
 date: 2019/10/26
 tags:
     - attack.persistence
-    - attack.T1218
 level: medium
 logsource:
     category: process_creation
diff --git a/rules/windows/process_creation/win_susp_msoffice.yml b/rules/windows/process_creation/win_susp_msoffice.yml
index 2e5388f09..50be710ab 100644
--- a/rules/windows/process_creation/win_susp_msoffice.yml
+++ b/rules/windows/process_creation/win_susp_msoffice.yml
@@ -9,7 +9,6 @@ author: Beyu Denis
 date: 2019/10/26
 tags:
     - attack.persistence
-    - attack.T1105
 level: medium
 logsource:
     category: process_creation