diff --git a/rules/windows/sysmon/sysmon_susp_mshta.yml b/rules/windows/sysmon/sysmon_susp_mshta.yml
deleted file mode 100644
index b57486795..000000000
--- a/rules/windows/sysmon/sysmon_susp_mshta.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-title: Suspicious MSHTA Child
-status: experimental
-description: Detects a Microsoft HTML Application Host execution a suspicious child process
-reference: https://twitter.com/wdormann/status/851615583099650049
-author: Florian Roth
-logsource:
- product: windows
- service: sysmon
-detection:
- selection:
- EventID: 1
- ParentImage: '*\mshta.exe'
- condition: selection
-falsepositives:
- - unknown
-level: high
-