From b1aa50ebcda099bed6b87fb08683bdbc9cb1b26e Mon Sep 17 00:00:00 2001
From: Vasilisa-L <72190607+Vasilisa-L@users.noreply.github.com>
Date: Wed, 14 Oct 2020 16:27:46 +0300
Subject: [PATCH] T1059.001 added

---
 rules/windows/process_creation/win_susp_pester.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/windows/process_creation/win_susp_pester.yml b/rules/windows/process_creation/win_susp_pester.yml
index 7d10550f8..8d3f41734 100644
--- a/rules/windows/process_creation/win_susp_pester.yml
+++ b/rules/windows/process_creation/win_susp_pester.yml
@@ -9,6 +9,8 @@ date: 2020/10/08
 tags:
     - attack.defense_evasion
     - attack.t1216
+    - attack.execution
+    - attack.t1059.001
 logsource:
     category: process_creation
     product: windows