Merge PR #5966 from @nasbench - Update mitre tags to use attack v19

chore: update mitre tags to use attack v19

Author: nasbench

rules-emerging-threats/2014/TA/Axiom/proc_creation_win_apt_zxshell.yml

@@ -10,8 +10,8 @@ date: 2017-07-20
 modified: 2021-11-27
 tags:
     - attack.execution
+    - attack.stealth
     - attack.t1059.003
-    - attack.defense-evasion
     - attack.t1218.011
     - attack.s0412
     - attack.g0001

rules-emerging-threats/2014/TA/Turla/proc_creation_win_apt_turla_comrat_may20.yml

@@ -10,7 +10,7 @@ modified: 2025-10-19
 tags:
     - attack.privilege-escalation
     - attack.persistence
-    - attack.defense-evasion
+    - attack.stealth
     - attack.g0010
     - attack.execution
     - attack.t1059.001

rules-emerging-threats/2015/Exploits/CVE-2015-1641/proc_creation_win_exploit_cve_2015_1641.yml

@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
 date: 2018-02-22
 modified: 2021-11-27
 tags:
-    - attack.defense-evasion
+    - attack.stealth
     - attack.t1036.005
     - cve.2015-1641
     - detection.emerging-threats

rules-emerging-threats/2017/Malware/Fireball/proc_creation_win_malware_fireball.yml

@@ -10,7 +10,7 @@ date: 2017-06-03
 modified: 2021-11-27
 tags:
     - attack.execution
-    - attack.defense-evasion
+    - attack.stealth
     - attack.t1218.011
     - detection.emerging-threats
 logsource:

rules-emerging-threats/2017/Malware/Hancitor/proc_access_win_malware_verclsid_shellcode.yml

@@ -8,8 +8,8 @@ author: John Lambert (tech), Florian Roth (Nextron Systems)
 date: 2017-03-04
 modified: 2021-11-27
 tags:
-    - attack.defense-evasion
     - attack.privilege-escalation
+    - attack.stealth
     - attack.t1055
     - detection.emerging-threats
 logsource:

rules-emerging-threats/2017/Malware/NotPetya/proc_creation_win_malware_notpetya.yml

@@ -9,9 +9,10 @@ author: Florian Roth (Nextron Systems), Tom Ueltschi
 date: 2019-01-16
 modified: 2022-12-15
 tags:
-    - attack.defense-evasion
+    - attack.stealth
+    - attack.defense-impairment
     - attack.t1218.011
-    - attack.t1070.001
+    - attack.t1685.005
     - attack.credential-access
     - attack.t1003.001
     - car.2016-04-002

rules-emerging-threats/2017/Malware/PlugX/proc_creation_win_malware_plugx_susp_exe_locations.yml

@@ -11,8 +11,9 @@ modified: 2023-02-03
 tags:
     - attack.privilege-escalation
     - attack.persistence
+    - attack.execution
+    - attack.stealth
     - attack.s0013
-    - attack.defense-evasion
     - attack.t1574.001
     - detection.emerging-threats
 logsource:

rules-emerging-threats/2017/Malware/WannaCry/proc_creation_win_malware_wannacry.yml

@@ -10,10 +10,10 @@ date: 2019-01-16
 modified: 2025-10-18
 tags:
     - attack.lateral-movement
+    - attack.defense-impairment
     - attack.t1210
     - attack.discovery
     - attack.t1083
-    - attack.defense-evasion
     - attack.t1222.001
     - attack.impact
     - attack.t1486

rules-emerging-threats/2017/TA/Dragonfly/proc_creation_win_apt_ta17_293a_ps.yml

@@ -8,7 +8,7 @@ author: Florian Roth (Nextron Systems)
 date: 2017-10-22
 modified: 2023-05-02
 tags:
-    - attack.defense-evasion
+    - attack.stealth
     - attack.g0035
     - attack.t1036.003
     - car.2013-05-009

rules-emerging-threats/2017/TA/Lazarus/proc_creation_win_apt_lazarus_binary_masquerading.yml

@@ -8,7 +8,7 @@ author: Trent Liffick (@tliffick), Bartlomiej Czyz (@bczyz1)
 date: 2020-06-03
 modified: 2023-03-10
 tags:
-    - attack.defense-evasion
+    - attack.stealth
     - attack.t1036.005
     - detection.emerging-threats
 logsource: