diff --git a/rules/windows/sysmon/sysmon_mimikatz_сreds_dump.yml b/rules/windows/sysmon/sysmon_mimikatz_сreds_dump.yml
deleted file mode 100644
index 4c2c1461..00000000
--- a/rules/windows/sysmon/sysmon_mimikatz_сreds_dump.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: Mimikatz сred access dump
-description: Detects process access to LSASS which is typical for like Mimikatz tools different version
-references:
- - http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf
-tags:
- - attack.credential_access
- - attack.t1003
-status: experimental
-author: Aleksey Potapov, oscd.community
-date: 2019/10/23
-logsource:
- product: windows
- service: sysmon
-detection:
- selection:
- EventID: 10
- TargetImage: 'C:\windows\system32\lsass.exe'
- GrantedAccess:
- - '0x1410'
- - '0x1010'
- - '0x143a'
- condition: selection
-falsepositives:
- - unknown
-level: high
\ No newline at end of file