diff --git a/pkg/compile/compile.go b/pkg/compile/compile.go
index 2ec960a08..2cc3a9c05 100644
--- a/pkg/compile/compile.go
+++ b/pkg/compile/compile.go
@@ -31,6 +31,7 @@ var badRules = map[string]bool{
 "ELASTIC_Macos_Creddump_Keychainaccess_535C1511": true,
 "SIGNATURE_BASE_Reconcommands_In_File": true,
 "SIGNATURE_BASE_Apt_CN_Tetrisplugins_JS": true,
+ "CAPE_Sparkrat": true,
 // ThreatHunting Keywords (some duplicates)
 "Adobe_XMP_Identifier": true,
 "Antivirus_Signature_signature_keyword": true,
diff --git a/rules/combo/degrader/edr_killer.yara b/rules/combo/degrader/edr_killer.yara
index 31282266f..882308e00 100644
--- a/rules/combo/degrader/edr_killer.yara
+++ b/rules/combo/degrader/edr_killer.yara
@@ -11,11 +11,12 @@ rule win_kill_proc_likely : high {
 $debug_uhf = "UnhandledExceptionFilter"
 $kill_gmh = "GetModuleHandle"
 $kill_tp = "TerminateProcess"
+
 condition:
- filesize < 1MB and 1 of ($kill*) and 2 of ($debug*) and 1 of ($f*)
+ filesize < 1MB and 1 of ($kill*) and 2 of ($debug*) and 1 of ($f*)
 }
-rule win_kill_proc : critical {
+rule win_kill_proc : high {
 meta:
 description = "Windows EDR/Antivirus bypass"
 strings:
@@ -28,8 +29,9 @@ rule win_kill_proc : critical {
 $debug_uhf = "UnhandledExceptionFilter"
 $kill_gmh = "GetModuleHandle"
 $kill_tp = "TerminateProcess"
+
 condition:
- filesize < 1MB and all of ($kill*) and 3 of ($debug*) and 1 of ($f*)
+ filesize < 1MB and all of ($kill*) and 3 of ($debug*) and 1 of ($f*)
 }
 rule edr_stopper : critical {
@@ -40,4 +42,4 @@ rule edr_stopper : critical {
 $stop = "stopservice"
 condition:
 filesize < 1MB and $stop and any of ($kind*)
-}
\ No newline at end of file
+}
diff --git a/rules/combo/stealer/browser.yara b/rules/combo/stealer/browser.yara
index 495e03aad..f7c935b7a 100644
--- a/rules/combo/stealer/browser.yara
+++ b/rules/combo/stealer/browser.yara
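Review bot: The new `"CAPE_Sparkrat": true` entry in `badRules` silently disables that rule without recording why, and it sits directly above the `// ThreatHunting Keywords (some duplicates)` group header, so it reads as belonging to neither group around it. The neighbouring entries are at least grouped by origin; a trailing comment such as `"CAPE_Sparkrat": true, // <reason: false positives on …, or duplicate of …>` would let the next maintainer tell whether this is a false-positive exclusion or a duplicate and when it can be lifted. The `badRules` map literal starts and ends outside this hunk.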
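Review bot: After `+rule win_kill_proc : high {`, `win_kill_proc` and `win_kill_proc_likely` carry the same tag even though their conditions differ sharply (`all of ($kill*) and 3 of ($debug*)` versus `1 of ($kill*) and 2 of ($debug*)`), so the stricter rule no longer ranks above the looser one. If the demotion is a false-positive decision, record it in the rule's `meta:` (for example a `// demoted from critical: …` note beside the tag) so the relationship between the two rules stays legible; if it is not, demoting `win_kill_proc_likely` to `medium` instead would preserve the gradient. The removed and added `filesize < 1MB …` condition lines are identical as shown here, presumably a whitespace-only change. The `win_kill_proc_likely` rule header lies outside the hunk.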
@@ -21,7 +21,7 @@ rule multiple_browser_credentials : high {
 3 of ($c_*) and none of ($not_*)
 }
-rule multiple_browser_refs : critical {
+rule multiple_browser_refs : high {
 meta:
 description = "Makes references to multiple browser credentials"
 hash_1985_actions_UserGet = "e3a457ec75e3a042fb34fa6d49e0e833265d21d26c4e0119aaa1b6ec8a9460ec"
@@ -152,4 +152,4 @@ rule chrome_encrypted_cookies : critical {
 $select = /SELECT.{0,64}encrypted_value{0,64}cookies/
 condition:
 $select
-}
\ No newline at end of file
+}
diff --git a/rules/combo/stealer/crypto.yara b/rules/combo/stealer/crypto.yara
index c90e49ce4..591008ee3 100644
--- a/rules/combo/stealer/crypto.yara
+++ b/rules/combo/stealer/crypto.yara
@@ -1,4 +1,4 @@
-rule js_crypto_stealer : critical {
+rule js_crypto_stealer : high {
 meta:
 description = "steals private cryptographic data"
 strings:
@@ -11,6 +11,7 @@ rule js_crypto_stealer : critical {
 $url = /https{0,1}:\/\/[\w][\w\.\/\-_\?=\@]{8,64}/
 $POST = "POST"
+
 condition:
 filesize < 50KB and $url and $POST and any of ($pk*)
 }
diff --git a/rules/obfuscation/js/char_codes.yara b/rules/obfuscation/js/char_codes.yara
index eca3b342f..f67962494 100644
--- a/rules/obfuscation/js/char_codes.yara
+++ b/rules/obfuscation/js/char_codes.yara
@@ -1,6 +1,6 @@
 import "math"
-rule child_process : critical {
+rule child_process : high {
 meta:
 description = "obfuscated javascript that relies on character manipulation"
 filetypes = "javascript"
@@ -16,6 +16,7 @@ rule child_process : critical {
 $const = "const "
 $function = "function("
 $return = "{return"
+
 condition:
 filesize < 128KB and all of them
 }
diff --git a/rules/obfuscation/js/function_spam.yara b/rules/obfuscation/js/function_spam.yara
index 1df70165f..0d6f36fbf 100644
--- a/rules/obfuscation/js/function_spam.yara
+++ b/rules/obfuscation/js/function_spam.yara
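Review bot: In `chrome_encrypted_cookies` the sole condition is `$select = /SELECT.{0,64}encrypted_value{0,64}cookies/`, and the second `{0,64}` binds to the final `e` of `encrypted_value` rather than to a wildcard, so the pattern only matches `encrypted_valu` followed by zero to 64 `e` characters and then immediately `cookies`; a realistic query like `SELECT host_key, name, encrypted_value FROM cookies` does not match, which leaves this `critical` rule effectively dead. The intended line is presumably `$select = /SELECT.{0,64}encrypted_value.{0,64}cookies/`. Since this commit is re-tiering the sibling rules in the file, it is worth confirming the regex fires on a known sample before leaving it at `critical`.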
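Review bot: The changed line `+rule child_process : high {` keeps a rule identifier that does not describe what the rule detects: the meta reads `obfuscated javascript that relies on character manipulation` and the file is `char_codes.yara`, yet the name suggests a Node `child_process` check, which will mislead anyone triaging a hit. Since the tag line is being edited anyway, renaming it to match its siblings, e.g. `rule js_char_code_obfuscation : high {`, would make alerts self-explanatory; if the old identifier is referenced elsewhere (for instance in the `badRules` map in compile.go), that reference needs updating in the same change. The rule's strings and condition are in the second hunk of this file, which shows no `child_process` string at all.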
@@ -1,10 +1,11 @@
-rule js_const_func_obfuscation : critical {
+rule js_const_func_obfuscation : medium {
 meta:
 description = "javascript obfuscation (excessive const functions)"
 strings:
 $const = "const "
 $function = "function("
 $return = "{return"
+
 condition:
 filesize < 256KB and #const > 32 and #function > 48 and #return > 64
 }
diff --git a/rules/obfuscation/js/parseInt.yara b/rules/obfuscation/js/parseInt.yara
index 236d0c13a..d2b6de23a 100644
--- a/rules/obfuscation/js/parseInt.yara
+++ b/rules/obfuscation/js/parseInt.yara
@@ -1,4 +1,4 @@
-rule js_const_func_obfuscation : critical {
+rule js_const_func_obfuscation : high {
 meta:
 description = "javascript obfuscation (integer parsing)"
 filetypes = "javascript"
@@ -7,6 +7,7 @@ rule js_const_func_obfuscation : critical {
 $function = "function("
 $return = "{return"
 $parseInt = "parseInt"
+
 condition:
 filesize < 256KB and #const > 16 and #function > 32 and #parseInt > 8 and #return > 32
 }
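Review bot: Unlike its sibling in `parseInt.yara` on this page, the `js_const_func_obfuscation` rule in `function_spam.yara` carries no `filetypes = "javascript"` meta, yet its condition is purely a count of `const `, `function(` and `{return` occurrences, which any large minified JavaScript bundle embedded in another file type would also satisfy. If the scanner honours the `filetypes` meta the way the parseInt rule suggests, adding `filetypes = "javascript"` under `meta:` here would cut noise without touching the thresholds. Lowering the tag to `medium` while leaving the rule unscoped only reduces the score of the same false positives rather than preventing them.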
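Review bot: `+rule js_const_func_obfuscation : high {` reuses the exact identifier that `function_spam.yara`, earlier on this page, now tags `medium`, so two rules named `js_const_func_obfuscation` exist with different descriptions and different severities after this commit. YARA rejects duplicate rule identifiers within one namespace, so this only compiles if the loader assigns each file its own namespace, and even then a hit reported as `js_const_func_obfuscation` cannot be traced to one rule or one severity. Give this rule a distinct name that reflects its `parseInt` condition, e.g. `rule js_parseint_obfuscation : high {`, and update any reference to the old name (such as a `badRules` entry) if one exists.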