Merge pull request #2887 from frack113/fix_tag

frack113 · web-flow · commit 77e05ab76287 · 2022-04-07T22:34:23.000+02:00
Update tags
diff --git a/rules/windows/process_creation/proc_creation_win_infdefaultinstall.yml b/rules/windows/process_creation/proc_creation_win_infdefaultinstall.yml
@@ -5,11 +5,8 @@ author: frack113
 date: 2021/07/13
 description: Executes SCT script using scrobj.dll from a command in entered into a specially prepared INF file.
 references:
-    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md
+    - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md#atomic-test-4---infdefaultinstallexe-inf-execution
     - https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml
-tags:
-    - attack.defense_evasion
-    - attack.t1562.001
 logsource:
     category: process_creation
     product: windows
@@ -27,3 +24,6 @@ fields:
 falsepositives:
     - Unknown
 level: medium
+tags:
+    - attack.defense_evasion
+    - attack.t1218
