Merge pull request SigmaHQ#2289 from V1D1AN/master

add tag mitre t1041
V1D1AN · Nov 20, 2021 · 76da6e3 · 76da6e3
2 parents 3eeeb81 + 83dee26
commit 76da6e3
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/rules/network/net_apt_equationgroup_c2.yml b/rules/network/net_apt_equationgroup_c2.yml
@@ -24,4 +24,5 @@ falsepositives:
 level: high
 tags:
     - attack.command_and_control
-    - attack.g0020
+    - attack.g0020
+    - attack.t1041
diff --git a/rules/network/net_pua_cryptocoin_mining_xmr.yml b/rules/network/net_pua_cryptocoin_mining_xmr.yml
@@ -33,5 +33,9 @@ detection:
             - 'pool.hashvault.pro'
     condition: selection
 falsepositives:
-    - Legeitimate crypto coin mining
+    - Legitimate crypto coin mining
+tags:
+    - attack.impact
+    - attack.t1496
+    - attack.t1567
 level: high