diff --git a/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml b/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml
index a25ed13bc..3d3b48e65 100644
--- a/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml
+++ b/rules/windows/process_creation/proc_creation_win_nslookup_poweshell_download.yml
@@ -1,11 +1,15 @@
-title: Nslookup PowerShell Download
+title: Nslookup PowerShell Download Cradle - ProcessCreation
 id: 1b3b01c7-84e9-4072-86e5-fc285a41ff23
+related:
+ - id: 72671447-4352-4413-bb91-b85569687135
+ type: obsoletes
 status: experimental
-description: Detects usage of powershell in conjunction with nslookup as a mean of download.
+description: Detects suspicious powershell download cradle using nslookup. This cradle uses nslookup to extract payloads from DNS records
 references:
 - https://twitter.com/Alh4zr3d/status/1566489367232651264
 author: Nasreddine Bencherchali
 date: 2022/09/05
+modified: 2022/12/12
 tags:
 - attack.defense_evasion
 logsource:
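Review bot: The new description line drops the trailing period and keeps lowercase "powershell", which is inconsistent with the title's "PowerShell" and with the description it replaces; suggest `description: Detects a suspicious PowerShell download cradle that uses nslookup to extract payloads from DNS records.`. The added `related` entry with `type: obsoletes` implies the rule with id 72671447-4352-4413-bb91-b85569687135 should now carry a deprecated status and that its detection logic is covered here, but the detection block lies outside this hunk, so that cannot be confirmed from what is shown. The tags list still carries only attack.defense_evasion; for a PowerShell-based download cradle the usual Sigma mapping would presumably also include attack.execution and attack.t1059.001, which is worth checking against the obsoleted rule's tags before merging.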