diff --git a/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml b/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml
index 648e4f754..d377abd26 100644
--- a/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml
+++ b/rules/linux/process_creation/proc_creation_lnx_pua_trufflehog.yml
@@ -15,6 +15,7 @@ author: Swachchhanda Shrawan Poudel (Nextron Systems)
 date: 2025-09-24
 tags:
     - attack.discovery
+    - attack.credential-access
     - attack.t1083
     - attack.t1552.001
 logsource:
diff --git a/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml b/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml
index 2103a0443..18b2baa17 100644
--- a/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml
+++ b/rules/windows/process_creation/proc_creation_win_pua_trufflehog.yml
@@ -15,6 +15,7 @@ author: Swachchhanda Shrawan Poudel (Nextron Systems)
 date: 2025-09-24
 tags:
     - attack.discovery
+    - attack.credential-access
     - attack.t1083
     - attack.t1552.001
 logsource: