diff --git a/rules/windows/process_creation/win_exploit_lpe_cve_2021_41379.yml b/rules/windows/process_creation/win_exploit_lpe_cve_2021_41379.yml
index e6db15cf9..4fd4ecd5b 100644
--- a/rules/windows/process_creation/win_exploit_lpe_cve_2021_41379.yml
+++ b/rules/windows/process_creation/win_exploit_lpe_cve_2021_41379.yml
@@ -7,7 +7,8 @@ date: 2021/11/22
 references:
     - https://github.com/klinix5/InstallerFileTakeOver
 tags:
-
+    - attack.privilege_escalation
+    - attack.t1068
 logsource:
     category: process_creation
     product: windows