chore: move more rules

rules-deprecated/windows/proc_creation_win_apt_ta505_dropper.yml

@@ -1,12 +1,12 @@
 title: TA505 Dropper Load Pattern
 id: 18cf6cf0-39b0-4c22-9593-e244bdc9a2d4
-status: test
+status: deprecated
 description: Detects mshta loaded by wmiprvse as parent as used by TA505 malicious documents
 references:
     - https://twitter.com/ForensicITGuy/status/1334734244120309760
 author: Florian Roth (Nextron Systems)
 date: 2020/12/08
-modified: 2022/03/31
+modified: 2023/04/05
 tags:
     - attack.execution
     - attack.g0092

rules/windows/process_creation/proc_creation_win_wmiprvse_susp_child_processes.yml

@@ -5,13 +5,16 @@ related:
       type: similar
     - id: d21374ff-f574-44a7-9998-4a8c8bf33d7d
       type: similar
+    - id: 18cf6cf0-39b0-4c22-9593-e244bdc9a2d4
+      type: obsoletes
 status: test
 description: Detects suspicious and uncommon child processes of WmiPrvSE
 references:
     - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
     - https://github.com/vadim-hunter/Detection-Ideas-Rules/blob/02bcbfc2bfb8b4da601bb30de0344ae453aa1afe/Threat%20Intelligence/The%20DFIR%20Report/20210329_Sodinokibi_(aka_REvil)_Ransomware.yaml
     - https://blog.osarmor.com/319/onenote-attachment-delivers-asyncrat-malware/
-author: Vadim Khrykov (ThreatIntel), Cyb3rEng
+    - https://twitter.com/ForensicITGuy/status/1334734244120309760
+author: Vadim Khrykov (ThreatIntel), Cyb3rEng, Florian Roth (Nextron Systems)
 date: 2021/08/23
 modified: 2023/03/23
 tags: