From 0228c36faadf5e7542ca2167aacd1682310077cd Mon Sep 17 00:00:00 2001
From: Moritz <mr-tz@users.noreply.github.com>
Date: Fri, 4 Oct 2024 10:14:10 +0200
Subject: [PATCH] disable for dynamic scope

---
 .../anti-vm/vm-detection/check-for-unmoving-mouse-cursor.yml    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/anti-analysis/anti-vm/vm-detection/check-for-unmoving-mouse-cursor.yml b/anti-analysis/anti-vm/vm-detection/check-for-unmoving-mouse-cursor.yml
index e9f398a8..00120e00 100644
--- a/anti-analysis/anti-vm/vm-detection/check-for-unmoving-mouse-cursor.yml
+++ b/anti-analysis/anti-vm/vm-detection/check-for-unmoving-mouse-cursor.yml
@@ -6,7 +6,7 @@ rule:
       - BitsOfBinary
     scopes:
       static: function
-      dynamic: thread
+      dynamic: unsupported  # too broad using thread scope, see #941
     att&ck:
       - Defense Evasion::Virtualization/Sandbox Evasion::User Activity Based Checks [T1497.002]
     mbc: