Merge PR #4916 from @frack113 - Move some rules to Emerging-Threats f…

…older

chore: OceanLotus Registry Activity - move to emerging-threats
chore: OilRig APT Registry Persistence - move to emerging-threats
chore: Potential Ursnif Malware Activity - Registry - move to emerging-threats
chore: Leviathan Registry Key Activity - move to emerging-threats

rules/windows/registry/registry_event/registry_event_apt_oceanlotus_registry.yml → rules-emerging-threats/2018/TA/APT32-Oceanlotus/registry_event_apt_oceanlotus_registry.yml

@@ -11,6 +11,7 @@ modified: 2023/09/28
 tags:
     - attack.defense_evasion
     - attack.t1112
+    - detection.emerging_threats
 logsource:
     category: registry_event
     product: windows

rules/windows/registry/registry_event/registry_event_apt_oilrig_mar18.yml → rules-emerging-threats/2018/TA/OilRig/registry_event_apt_oilrig_mar18.yml

@@ -24,6 +24,7 @@ tags:
     - attack.t1112
     - attack.command_and_control
     - attack.t1071.004
+    - detection.emerging_threats
 logsource:
     category: registry_event
     product: windows

rules/windows/registry/registry_add/registry_add_malware_ursnif.yml → rules-emerging-threats/2019/Malware/Ursnif/registry_add_malware_ursnif.yml

@@ -11,6 +11,7 @@ modified: 2023/02/07
 tags:
     - attack.execution
     - attack.t1112
+    - detection.emerging_threats
 logsource:
     product: windows
     category: registry_add

rules/windows/registry/registry_event/registry_event_apt_leviathan.yml → rules-emerging-threats/2020/TA/Leviathan/registry_event_apt_leviathan.yml

@@ -10,6 +10,7 @@ modified: 2023/09/19
 tags:
     - attack.persistence
     - attack.t1547.001
+    - detection.emerging_threats
 logsource:
     category: registry_event
     product: windows