diff --git a/internal/limitation/dynamic/internal-dotnet-file-limitation.yml b/internal/limitation/dynamic/internal-dotnet-file-limitation.yml
new file mode 100644
index 000000000..7ef12bb92
--- /dev/null
+++ b/internal/limitation/dynamic/internal-dotnet-file-limitation.yml
@@ -0,0 +1,23 @@
+rule:
+ meta:
+ name: (internal) .NET file limitation
+ namespace: internal/limitation/dynamic
+ authors:
+ - "@v1bh475u"
+ description: |
+ This dynamic analysis trace describes a .NET file.
+
+ capa rules are not yet tuned for the .NET runtime,
+ so its analysis may be incomplete or misleading.
+ scopes:
+ static: unsupported
+ dynamic: file
+ examples:
+ - 2f8a79b12a7a989ac7e5f6ec65050036588a92e65aeb6841e08dc228ff0e21b4_min_archive.zip
+ features:
+ - or:
+ - format: dotnet
+ - import: mscoree._CorExeMain
+ - import: mscoree._corexemain
+ - import: mscoree._CorDllMain
+ - import: mscoree._cordllmain
diff --git a/internal/limitation/file/README.md b/internal/limitation/static/README.md
similarity index 100%
rename from internal/limitation/file/README.md
rename to internal/limitation/static/README.md
diff --git a/internal/limitation/file/internal-autohotkey-file-limitation.yml b/internal/limitation/static/internal-autohotkey-file-limitation.yml
similarity index 94%
rename from internal/limitation/file/internal-autohotkey-file-limitation.yml
rename to internal/limitation/static/internal-autohotkey-file-limitation.yml
index e68932daf..cbacaf63c 100644
--- a/internal/limitation/file/internal-autohotkey-file-limitation.yml
+++ b/internal/limitation/static/internal-autohotkey-file-limitation.yml
@@ -1,7 +1,7 @@
 rule:
 meta:
 name: (internal) autohotkey file limitation
- namespace: internal/limitation/file
+ namespace: internal/limitation/static
 authors:
 - "@mr-tz"
 description: |
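Review bot: The feature list under `or:` pairs `mscoree._CorExeMain` with its lower-cased twin `mscoree._corexemain` (and likewise `_CorDllMain` / `_cordllmain`) without saying why, so a later maintainer cannot tell whether the duplicates are deliberate or a copy-paste slip. If the intent is that some dynamic backends emit import names lower-cased, a comment above the block such as `# some dynamic traces report import names lower-cased, so match both spellings` would make that explicit; if import matching is already case-insensitive in capa, the two extra lines can be dropped. It would also help to say in `description` what the user should expect when this rule fires, as the sibling AutoIt rule does by explaining that runtime-originated calls would otherwise surface as false-positive capabilities; the new text only says analysis "may be incomplete or misleading".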
diff --git a/internal/limitation/file/internal-autoit-file-limitation.yml b/internal/limitation/static/internal-autoit-file-limitation.yml
similarity index 95%
rename from internal/limitation/file/internal-autoit-file-limitation.yml
rename to internal/limitation/static/internal-autoit-file-limitation.yml
index c687e4c83..fc940bf13 100644
--- a/internal/limitation/file/internal-autoit-file-limitation.yml
+++ b/internal/limitation/static/internal-autoit-file-limitation.yml
@@ -4,7 +4,7 @@ rule:
 # capa will detect dozens of capabilities for AutoIt samples,
 # but these are due to the AutoIt runtime, not the payload script.
 # so, don't confuse the user with FP matches - bail instead
- namespace: internal/limitation/file
+ namespace: internal/limitation/static
 authors:
 - william.ballenthin@mandiant.com
 description: |
diff --git a/internal/limitation/file/internal-dotnet-single-file-deployment-limitation.yml b/internal/limitation/static/internal-dotnet-single-file-deployment-limitation.yml
similarity index 95%
rename from internal/limitation/file/internal-dotnet-single-file-deployment-limitation.yml
rename to internal/limitation/static/internal-dotnet-single-file-deployment-limitation.yml
index a327840e7..d84bd5c8c 100644
--- a/internal/limitation/file/internal-dotnet-single-file-deployment-limitation.yml
+++ b/internal/limitation/static/internal-dotnet-single-file-deployment-limitation.yml
@@ -1,7 +1,7 @@
 rule:
 meta:
 name: (internal) .NET single file deployment limitation
- namespace: internal/limitation/file
+ namespace: internal/limitation/static
 authors:
 - sara.rincon@mandiant.com
 description: |
diff --git a/internal/limitation/file/internal-installer-file-limitation.yml b/internal/limitation/static/internal-installer-file-limitation.yml
similarity index 93%
rename from internal/limitation/file/internal-installer-file-limitation.yml
rename to internal/limitation/static/internal-installer-file-limitation.yml
index 0499a1386..ab5324c26 100644
--- a/internal/limitation/file/internal-installer-file-limitation.yml
+++ b/internal/limitation/static/internal-installer-file-limitation.yml
@@ -3,7 +3,7 @@ rule:
 name: (internal) installer file limitation
 # capa will likely detect installer specific functionality.
 # this is probably not what the user wants.
- namespace: internal/limitation/file
+ namespace: internal/limitation/static
 authors:
 - william.ballenthin@mandiant.com
 description: |
diff --git a/internal/limitation/file/internal-packer-file-limitation.yml b/internal/limitation/static/internal-packer-file-limitation.yml
similarity index 94%
rename from internal/limitation/file/internal-packer-file-limitation.yml
rename to internal/limitation/static/internal-packer-file-limitation.yml
index bd983a65a..505d9de55 100644
--- a/internal/limitation/file/internal-packer-file-limitation.yml
+++ b/internal/limitation/static/internal-packer-file-limitation.yml
@@ -1,7 +1,7 @@
 rule:
 meta:
 name: (internal) packer file limitation
- namespace: internal/limitation/file
+ namespace: internal/limitation/static
 authors:
 - william.ballenthin@mandiant.com
 description: |
diff --git a/internal/limitation/file/internal-visual-basic-file-limitation.yml b/internal/limitation/static/internal-visual-basic-file-limitation.yml
similarity index 94%
rename from internal/limitation/file/internal-visual-basic-file-limitation.yml
rename to internal/limitation/static/internal-visual-basic-file-limitation.yml
index 2eba6c040..e79de7963 100644
--- a/internal/limitation/file/internal-visual-basic-file-limitation.yml
+++ b/internal/limitation/static/internal-visual-basic-file-limitation.yml
@@ -1,7 +1,7 @@
 rule:
 meta:
 name: (internal) Visual Basic file limitation
- namespace: internal/limitation/file
+ namespace: internal/limitation/static
 authors:
 - "@mr-tz"
 description: |