diff --git a/yml/OSBinaries/Diskshadow.yml b/yml/OSBinaries/Diskshadow.yml
index 7fb9a18..a3ddba2 100644
--- a/yml/OSBinaries/Diskshadow.yml
+++ b/yml/OSBinaries/Diskshadow.yml
@@ -11,6 +11,9 @@ Commands:
 Privileges: User
 MitreID: T1003.003
 OperatingSystem: Windows server
+ Tags:
+ - Execute: CMD
+ - Input: Custom Format
 - Command: diskshadow> exec calc.exe
 Description: Execute commands using diskshadow.exe to spawn child process
 Usecase: Use diskshadow to bypass defensive counter measures
@@ -18,6 +21,9 @@ Commands:
 Privileges: User
 MitreID: T1202
 OperatingSystem: Windows server
+ Tags:
+ - Execute: CMD
+ - Input: Custom Format
 Full_Path:
 - Path: C:\Windows\System32\diskshadow.exe
 - Path: C:\Windows\SysWOW64\diskshadow.exe
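Review bot: The `- Input: Custom Format` tag added in the second hunk does not seem to fit the entry it lands on, whose visible command is `diskshadow> exec calc.exe`, typed at the interactive prompt with no script file as input. It reads as copied from the first hunk, whose entry begins above the hunk and so cannot be checked from here. Defenders filter on these tags when mapping the binary to detections, so a tag that does not match the command skews that triage. I would drop the line from the T1202 entry and confirm whether `- Execute: EXE` describes the `calc.exe` example better than `- Execute: CMD`.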