diff --git a/rules/windows/process_creation/win_mal_lockergoga.yml b/rules/windows/process_creation/win_mal_lockergoga.yml
index 29abe3276..3c46fe845 100644
--- a/rules/windows/process_creation/win_mal_lockergoga.yml
+++ b/rules/windows/process_creation/win_mal_lockergoga.yml
@@ -1,5 +1,5 @@
 title: LockerGoga Ransomware
-description: Detects LockaerGoga ransomware
+description: Detects a command that clears the WMI trace log which indicates LockaerGoga ransomware activity
 references:
 - https://abuse.io/lockergoga.txt
 author: Florian Roth
@@ -15,3 +15,4 @@ detection:
 selection:
 CommandLine: '* cl Microsoft-Windows-WMI-Activity/Trace'
 condition: selection
+
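Review bot: The rewritten `description` line still spells the family name "LockaerGoga", while the title and the reference URL use "LockerGoga", so a search of the rule set by family name will not find this text; it should read `description: Detects a command that clears the WMI trace log which indicates LockerGoga ransomware activity`. The new wording also describes the rule as covering the log-clearing command in general, but the selection visible as context in the second hunk matches only the abbreviated `cl` verb. If the rule is meant to cover what the description says, `CommandLine` would need a second pattern for the long form, `'* clear-log Microsoft-Windows-WMI-Activity/Trace'`. The lines between the two hunks are not shown, so whether the rule documents false positives for administrative log clearing cannot be checked from here.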