diff --git a/rules/apt/apt_apt29_tor.yml b/rules/apt/apt_apt29_tor.yml
index 9e4f8f98..b8d82523 100755
--- a/rules/apt/apt_apt29_tor.yml
+++ b/rules/apt/apt_apt29_tor.yml
@@ -21,7 +21,6 @@ detection:
 falsepositives:
     - Unknown
 level: high
-
 ---
 logsource:
     category: process_creation
diff --git a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
index 67115f26..e6ccc632 100644
--- a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
+++ b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
@@ -1,6 +1,6 @@
 title: Suspicious Encoded PowerShell Command Line
 id: ca2092a1-c273-4878-9b4b-0d60115bf5ea
-description: Detects suspicious powershell process starts with base64 encoded commands
+description: Detects suspicious powershell process starts with base64 encoded commands (e.g. Emotet)
 status: experimental
 references:
     - https://app.any.run/tasks/6217d77d-3189-4db2-a957-8ab239f3e01e
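Review bot: The parenthetical added to `description` in win_susp_powershell_enc_cmd.yml reads as if the rule is specific to Emotet, while the title and the unchanged wording describe a generic encoded-command heuristic; a phrasing such as `description: Detects suspicious powershell process starts with base64 encoded commands, a technique used by malware such as Emotet` keeps the generic scope clear. The only reference visible in the hunk is a sandbox task URL, which may not remain available, so a durable public write-up supporting the Emotet association would make the attribution verifiable; if the family name is meant to be searchable it belongs in the rule's tags rather than only in free text. The detection block and any further references are outside the hunk.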