Merge PR #5477 from @phantinuss - chore: update MITRE tag t1219 to t1219.002

chore: update MITRE tag t1219 to t1219.002

rules-emerging-threats/2023/Malware/dns_query_win_malware_socgholish_second_stage_c2.yml

@@ -10,7 +10,7 @@ author: Dusty Miller
 date: 2023-02-23
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
     - detection.emerging-threats
 logsource:
     product: windows

rules-emerging-threats/2024/Malware/CSharp-Streamer/image_load_malware_csharp_streamer_dotnet_load.yml

@@ -10,7 +10,7 @@ author: Luca Di Bartolomeo
 date: 2024-06-22
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
     - detection.emerging-threats
 logsource:
     category: image_load

rules-threat-hunting/windows/process_creation/proc_creation_win_remote_access_tools_action1_code_exec_and_remote_sessions.yml

@@ -25,7 +25,7 @@ author: '@kostastsale'
 date: 2023-04-13
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
     - detection.threat-hunting
 logsource:
     category: process_creation

rules/category/antivirus/av_exploiting.yml

@@ -16,7 +16,7 @@ tags:
     - attack.execution
     - attack.t1203
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: antivirus
 detection:

rules/linux/process_creation/proc_creation_lnx_ssm_agent_abuse.yml

@@ -11,7 +11,7 @@ date: 2023-08-03
 tags:
     - attack.command-and-control
     - attack.persistence
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: linux

rules/windows/builtin/application/msiinstaller/win_software_atera_rmm_agent_install.yml

@@ -9,7 +9,7 @@ date: 2021-09-01
 modified: 2022-12-25
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     service: application
     product: windows

rules/windows/builtin/ntlm/win_susp_ntlm_rdp.yml

@@ -9,7 +9,7 @@ date: 2020-05-22
 modified: 2021-11-27
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     service: ntlm

rules/windows/builtin/system/service_control_manager/win_system_service_install_mesh_agent.yml

@@ -8,7 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2022-11-28
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     service: system

rules/windows/builtin/system/service_control_manager/win_system_service_install_tacticalrmm.yml

@@ -8,7 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2022-11-28
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     service: system

rules/windows/dns_query/dns_query_win_domain_azurewebsites.yml

@@ -15,7 +15,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2024-06-24
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: dns_query

rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml

@@ -26,7 +26,7 @@ date: 2022-07-11
 modified: 2024-12-17
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: dns_query

rules/windows/dns_query/dns_query_win_teamviewer_domain_query_by_uncommon_app.yml

@@ -9,7 +9,7 @@ date: 2022-01-30
 modified: 2023-09-18
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: dns_query

rules/windows/file/file_event/file_event_win_anydesk_artefact.yml

@@ -12,7 +12,7 @@ date: 2022-02-11
 modified: 2024-07-20
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: file_event
     product: windows

rules/windows/file/file_event/file_event_win_anydesk_writing_susp_binaries.yml

@@ -13,7 +13,7 @@ date: 2022-09-28
 modified: 2025-02-24
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: file_event

rules/windows/file/file_event/file_event_win_gotoopener_artefact.yml

@@ -11,7 +11,7 @@ author: frack113
 date: 2022-02-13
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: file_event
     product: windows

rules/windows/file/file_event/file_event_win_hktl_inveigh_artefacts.yml

@@ -11,7 +11,7 @@ date: 2022-10-24
 modified: 2024-06-27
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: file_event

rules/windows/file/file_event/file_event_win_hktl_krbrelay_remote_ioc.yml

@@ -8,7 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2024-06-27
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: file_event

rules/windows/file/file_event/file_event_win_install_teamviewer_desktop.yml

@@ -8,7 +8,7 @@ author: frack113
 date: 2022-01-28
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: file_event

rules/windows/file/file_event/file_event_win_remote_access_tools_screenconnect_artefact.yml

@@ -11,7 +11,7 @@ author: frack113
 date: 2022-02-13
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: file_event
     product: windows

rules/windows/file/file_event/file_event_win_susp_teamviewer_remote_session.yml

@@ -8,7 +8,7 @@ author: Florian Roth (Nextron Systems)
 date: 2022-01-30
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: file_event

rules/windows/file/file_event/file_event_win_tsclient_filewrite_startup.yml

@@ -9,7 +9,7 @@ date: 2019-02-21
 modified: 2021-11-27
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: file_event

rules/windows/network_connection/net_connection_win_remote_access_tools_anydesk_incoming_connection.yml

@@ -12,7 +12,7 @@ modified: 2025-02-24
 tags:
     - attack.persistence
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: network_connection
     product: windows

rules/windows/process_creation/proc_creation_win_mstsc_run_local_rdp_file.yml

@@ -10,7 +10,7 @@ date: 2023-04-18
 modified: 2023-04-30
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_mstsc_run_local_rdp_file_susp_location.yml

@@ -9,7 +9,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023-04-18
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_quickassist_execution.yml

@@ -12,7 +12,7 @@ author: Muhammad Faisal (@faisalusuf)
 date: 2024-12-19
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk.yml

@@ -16,7 +16,7 @@ date: 2022-02-11
 modified: 2025-02-24
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_piped_password_via_cli.yml

@@ -9,7 +9,7 @@ date: 2022-09-28
 modified: 2023-03-05
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_silent_install.yml

@@ -10,7 +10,7 @@ date: 2021-08-06
 modified: 2023-03-05
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_anydesk_susp_exec.yml

@@ -16,7 +16,7 @@ date: 2022-05-20
 modified: 2025-02-24
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_gotoopener.yml

@@ -12,7 +12,7 @@ date: 2022-02-13
 modified: 2023-03-05
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_logmein.yml

@@ -12,7 +12,7 @@ date: 2022-02-11
 modified: 2023-03-05
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_meshagent_exec.yml

@@ -12,7 +12,7 @@ author: '@Kostastsale'
 date: 2024-09-22
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: process_creation

rules/windows/process_creation/proc_creation_win_remote_access_tools_netsupport.yml

@@ -12,7 +12,7 @@ date: 2022-09-25
 modified: 2023-03-06
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_screenconnect.yml

@@ -12,7 +12,7 @@ date: 2022-02-13
 modified: 2023-03-05
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_screenconnect_remote_execution_susp.yml

@@ -16,7 +16,7 @@ date: 2022-02-25
 modified: 2024-02-28
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     product: windows
     category: process_creation

rules/windows/process_creation/proc_creation_win_remote_access_tools_simple_help.yml

@@ -11,7 +11,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
 date: 2024-02-23
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_remote_access_tools_ultraviewer.yml

@@ -12,7 +12,7 @@ date: 2022-09-25
 modified: 2024-03-14
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_ssm_agent_abuse.yml

@@ -11,7 +11,7 @@ date: 2023-08-02
 tags:
     - attack.command-and-control
     - attack.persistence
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_tscon_localsystem.yml

@@ -11,7 +11,7 @@ date: 2018-03-17
 modified: 2022-05-27
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows

rules/windows/process_creation/proc_creation_win_ultravnc.yml

@@ -8,7 +8,7 @@ author: frack113
 date: 2022-10-02
 tags:
     - attack.command-and-control
-    - attack.t1219
+    - attack.t1219.002
 logsource:
     category: process_creation
     product: windows