diff --git a/rules/windows/process_creation/win_dns_exfiltration_tools_execution.yml b/rules/windows/process_creation/win_dns_exfiltration_tools_execution.yml
index 526797bde..1cd5cc9fb 100644
--- a/rules/windows/process_creation/win_dns_exfiltration_tools_execution.yml
+++ b/rules/windows/process_creation/win_dns_exfiltration_tools_execution.yml
@@ -1,4 +1,4 @@
-title: DNS Exfiltration Tools Execution
+title: DNS Exfiltration and Tunneling Tools Execution
 id: 98a96a5a-64a0-4c42-92c5-489da3866cb0
 description: Well-known DNS Exfiltration tools execution
 status: experimental
diff --git a/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml b/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml
index d09343a96..f33ab3dec 100644
--- a/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml
+++ b/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml
@@ -8,6 +8,8 @@ modified: 2020/08/29
 tags:
 - attack.exfiltration
 - attack.command_and_control
+ - attack.t1043 # an old one
+ - attack.t1041
 - attack.t1572
 - attack.t1071.001
 logsource:
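Review bot: The `description` context line in win_dns_exfiltration_tools_execution.yml still reads `Well-known DNS Exfiltration tools execution`, so after this change the title mentions tunneling and the description does not. An analyst triaging from the description alone would not learn that tunneling tools are in scope. I would update it in the same commit, for example `description: Well-known DNS exfiltration and tunneling tools execution`. The rest of the rule is outside the hunk, so I cannot confirm that the selection actually covers tunneling tools.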
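Review bot: The comment `# an old one` on the added `attack.t1043` tag does not say why a retired technique ID is being introduced. T1043 (Commonly Used Port) is deprecated in current ATT&CK, so coverage tooling that resolves tags against a current matrix may not map it. If it is kept deliberately for consumers on older mappings, state that, for example `- attack.t1043 # deprecated in ATT&CK (Commonly Used Port); kept for older mappings`; otherwise drop it and rely on `attack.t1041` and `attack.t1572`. The detection logic is outside the hunk, so I cannot check the new tags against what the rule matches.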