From d0b2c021ce4871fb276e5360e49acd5f74f95e00 Mon Sep 17 00:00:00 2001
From: Vasilisa-L <72190607+Vasilisa-L@users.noreply.github.com>
Date: Wed, 14 Oct 2020 16:57:58 +0300
Subject: [PATCH] attack.t1059.001 try 2
---
 rules/windows/process_creation/win_susp_pester.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/win_susp_pester.yml b/rules/windows/process_creation/win_susp_pester.yml
index 8d3f41734..41c888d69 100644
--- a/rules/windows/process_creation/win_susp_pester.yml
+++ b/rules/windows/process_creation/win_susp_pester.yml
@@ -7,10 +7,11 @@ references:
 author: Julia Fomina, oscd.community
 date: 2020/10/08
 tags:
- - attack.defense_evasion
- - attack.t1216
 - attack.execution
 - attack.t1059.001
+ - attack.t1086 # an old one
+ - attack.defense_evasion
+ - attack.t1216
 logsource:
 category: process_creation
 product: windows
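Review bot: The inline comment on the added `- attack.t1086 # an old one` line does not say what the tag is or why it stays; T1086 is the deprecated ATT&CK ID for PowerShell that T1059.001 superseded, so I would write `- attack.t1086  # deprecated ATT&CK ID for PowerShell, superseded by T1059.001; kept for tooling that still maps the old ID`. Carrying both IDs means coverage reports built on a current ATT&CK matrix may fail to resolve T1086 or may count the rule twice, so it is worth confirming that tag validation and any downstream mapping accept a deprecated ID. The hunk shows only the tags list; the rule's detection section lies outside it, so whether the T1059.001 mapping matches what the rule actually selects on cannot be checked from here.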