diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml
deleted file mode 100644
index cbbe8e531..000000000
--- a/rules/windows/builtin/win_possible_dc_shadow.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-title: Potential DCShadow
-description: Monitors SPN modifications to detect DCShadow behavior.
-author: Chakib Gzenayi (@Chak92), Hosni Mribah
-tags:
- - attack.defense_evasion
- - attack.t1207
-logsource:
- product: windows
- service: system
-detection:
- selection:
- EventID: 5136
- LDAP_Display_Name: servicePrincipalName
- Value: 'GC/*'
- condition: selection
-falsepositives:
- - Exclude known DCs
-level: high