From aee0d1dd67f8129c9b20a29fcf025db03c5ac545 Mon Sep 17 00:00:00 2001 From: Liam Sennitt Date: Wed, 13 Mar 2019 09:25:28 +0000 Subject: [PATCH] fix tags on apt29 tor rule --- rules/apt/apt_apt29_tor.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/apt/apt_apt29_tor.yml b/rules/apt/apt_apt29_tor.yml index 6fcadf46d..b3fd89d18 100755 --- a/rules/apt/apt_apt29_tor.yml +++ b/rules/apt/apt_apt29_tor.yml @@ -5,9 +5,9 @@ description: 'This method detects malicious services mentioned in APT29 report b references: - https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html tags: - - attack.command_and_control + - attack.persistence - attack.g0016 - - attack.t1172 + - attack.t1050 logsource: product: windows service: system
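Review bot: In the tags list, replacing attack.command_and_control and attack.t1172 with attack.persistence and attack.t1050 leaves no tag tied to the domain-fronting write-up that the references entry still points to, and the commit message ("fix tags on apt29 tor rule") does not say why. The new tags are consistent with the logsource (product: windows, service: system) and with the description's "malicious services", so the change itself looks reasonable; please state in the commit body that the rule matches on the service rather than on the fronted traffic, so the removal is not later read as an accident. Separately, the index line shows the file at mode 100755; a YAML rule file does not need the executable bit.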