diff --git a/executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment.yml b/executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment.yml
new file mode 100644
index 000000000..799a0a57f
--- /dev/null
+++ b/executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment.yml
@@ -0,0 +1,19 @@
+rule:
+ meta:
+ name: bundled with .NET single-file deployment
+ namespace: executable/dotnet-singlefile
+ authors:
+ - sara.rincon@mandiant.com
+ scope: file
+ references:
+ - https://learn.microsoft.com/en-us/dotnet/core/deploying/single-file/overview?tabs=cli
+ - https://github.com/dotnet/runtime/blob/84de9b678613675e0444b265905c82d33dae33a8/src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs
+ examples:
+ - 0da87fccbf7687a6c7ab38087dea8b8f32c2b1fb6546101485b7167d18d9c406
+ features:
+ - or:
+ - and:
+ - match: contains PDB path
+ - string: "singlefilehost.pdb"
+ description: symbol file for the native executable when PublishSingleFile is true
+ - string: "Detected Single-File app bundle"
diff --git a/executable/installer/dotnet/packaged-as-single-file-dotnet-application.yml b/executable/dotnet-singlefile/packaged-as-single-file-dotnet-application.yml
similarity index 95%
rename from executable/installer/dotnet/packaged-as-single-file-dotnet-application.yml
rename to executable/dotnet-singlefile/packaged-as-single-file-dotnet-application.yml
index 999ef224a..ce43fd24b 100644
--- a/executable/installer/dotnet/packaged-as-single-file-dotnet-application.yml
+++ b/executable/dotnet-singlefile/packaged-as-single-file-dotnet-application.yml
@@ -1,7 +1,7 @@
 rule:
 meta:
 name: packaged as single-file .NET application
- namespace: executable/installer/dotnet
+ namespace: executable/dotnet-singlefile
 authors:
 - michael.hunhoff@mandiant.com
 description: Single binary containing target .NET application and all application-dependent files
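Review bot: In bundled-with-dotnet-single-file-deployment.yml the feature `string: "singlefilehost.pdb"` is an exact-match string, so it only fires when the extracted string is exactly that file name. If the host embeds a full build path to the PDB rather than the bare name (not visible from this diff), the `and` branch would never match and the rule would rest entirely on the single trace string `"Detected Single-File app bundle"`. A regex such as `string: /singlefilehost\.pdb/i` (or `substring: singlefilehost.pdb`) would cover both forms; it is worth confirming which branch actually matches the listed example hash.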
diff --git a/internal/limitation/file/internal-dotnet-single-file-deployment-limitation.yml b/internal/limitation/file/internal-dotnet-single-file-deployment-limitation.yml
new file mode 100644
index 000000000..f29348d02
--- /dev/null
+++ b/internal/limitation/file/internal-dotnet-single-file-deployment-limitation.yml
@@ -0,0 +1,19 @@
+rule:
+ meta:
+ name: (internal) .NET single file deployment limitation
+ namespace: internal/limitation/file
+ authors:
+ - sara.rincon@mandiant.com
+ description: |
+ This sample appears to be built with the single-file deployment in .NET.
+
+ Single-file deployment allows all the application-dependent files to be bundled into a single binary.
+ The size of the single file in a self-contained application is large since it includes the runtime and the framework libraries.
+ The main application and the libraries are contained in the overlay section.
+ You may need to extract the runtime configuration files such as *.deps.json and *.runtimeconfig.json files to determine the main .NET library and extract it with the tool SingleFileExtractor.
+ scope: file
+ examples:
+ - 0da87fccbf7687a6c7ab38087dea8b8f32c2b1fb6546101485b7167d18d9c406
+ features:
+ - or:
+ - match: executable/dotnet-singlefile
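Review bot: The `description` in internal-dotnet-single-file-deployment-limitation.yml explains what a single-file bundle is but never states the limitation itself, i.e. what the analyst should conclude about the reported results. Since the text says the main application and libraries sit in the overlay, it presumably means the capabilities shown reflect mostly the native host rather than the bundled managed code; I would add a closing line such as `Results for this file may be incomplete until the bundled .NET assemblies are extracted and analyzed separately.` Also, `match: executable/dotnet-singlefile` is a namespace match, so every rule placed in that namespace (including the renamed `packaged as single-file .NET application`) raises this warning; a short comment above the `or:` saying so would help future rule authors.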