diff --git a/rules/windows/process_creation/proc_creation_win_apt_actinium_persistence.yml b/rules/windows/process_creation/proc_creation_win_apt_actinium_persistence.yml
index 72a1a2001..1327937e7 100644
--- a/rules/windows/process_creation/proc_creation_win_apt_actinium_persistence.yml
+++ b/rules/windows/process_creation/proc_creation_win_apt_actinium_persistence.yml
@@ -23,3 +23,7 @@ fields:
 falsepositives:
   - Unlikely
 level: high
+tags: 
+    - attack.persistence
+    - attack.T1053
+    - attack.t1053.005