diff --git a/host-interaction/clipboard/read-clipboard-data.yml b/host-interaction/clipboard/read-clipboard-data.yml
index 8d5447855..f920f8f65 100644
--- a/host-interaction/clipboard/read-clipboard-data.yml
+++ b/host-interaction/clipboard/read-clipboard-data.yml
@@ -8,6 +8,8 @@ rule:
     scope: function
     att&ck:
       - Collection::Clipboard Data [T1115]
+    references:
+      - https://learn.microsoft.com/en-us/windows/win32/dataxchg/using-the-clipboard
     examples:
       - C91887D861D9BD4A5872249B641BC9F9:0x40156F
       - 93dfc146f60bd796eb28d4e4f348f2e4:0x401050
@@ -15,13 +17,18 @@ rule:
     - and:
       - optional:
         - match: open clipboard
+        - match: contain loop
+        - api: kernel32.GlobalAlloc
+        - api: kernel32.GlobalLock
+        - api: kernel32.GlobalUnlock
       - or:
-        - and:
-          - api: user32.GetClipboardData
-          - optional:
-            - number: 0x1 = CF_TEXT
-            - number: 0x7 = CF_OEMTEXT
-            - number: 0xD = CF_UNICODETEXT
+        - basic block:
+          - and:
+            - api: user32.GetClipboardData
+            - optional:
+              - number: 0x1 = CF_TEXT
+              - number: 0x7 = CF_OEMTEXT
+              - number: 0xD = CF_UNICODETEXT
         - api: System.Windows.Forms.Clipboard::GetAudioStream
         - api: System.Windows.Forms.Clipboard::GetData
         - api: System.Windows.Forms.Clipboard::GetDataObject
diff --git a/host-interaction/clipboard/replace-clipboard-data.yml b/host-interaction/clipboard/replace-clipboard-data.yml
deleted file mode 100644
index 3b2bb7935..000000000
--- a/host-interaction/clipboard/replace-clipboard-data.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-rule:
-  meta:
-    name: replace clipboard data
-    namespace: host-interaction/clipboard
-    authors:
-      - michael.hunhoff@mandiant.com
-    scope: function
-    mbc:
-      - Impact::Clipboard Modification [E1510]
-    examples:
-      - 6f99a2c8944cb02ff28c6f9ced59b161:0x403180
-  features:
-    - and:
-      - optional:
-        - match: open clipboard
-      - match: write clipboard data
-      - api: user32.EmptyClipboard
diff --git a/host-interaction/clipboard/write-clipboard-data.yml b/host-interaction/clipboard/write-clipboard-data.yml
index 5502b1e86..cbc655c0e 100644
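Review bot: Every feature added in the second hunk of read-clipboard-data.yml sits under `optional`, and the CF_* constants were already optional, so the rule's actual match condition is unchanged: a single call to `user32.GetClipboardData` (or one of the Forms APIs) still fires it, and the new `basic block` scope only decides whether the format constants are credited alongside that call. If the intent was to raise precision, at least one of the new features — for example the `kernel32.GlobalLock` / `kernel32.GlobalUnlock` pair needed to dereference the returned handle — would have to move out of `optional` into the enclosing `and`; if the intent was only richer reporting context, a short `description:` line in meta stating that would spare the next maintainer the same question. `match: contain loop` also makes this rule depend on a rule of exactly that name existing in the repository; confirm it does, since an unresolved `match` is a load-time error rather than a non-match. Note that the `basic block` wrapper narrows CF_* attribution to the same block as the call, so a format constant loaded in an earlier block is no longer reported even though the API match still succeeds.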
--- a/host-interaction/clipboard/write-clipboard-data.yml
+++ b/host-interaction/clipboard/write-clipboard-data.yml
@@ -8,12 +8,16 @@ rule:
     scope: function
     mbc:
       - Impact::Clipboard Modification [E1510]
+    references:
+      - https://learn.microsoft.com/en-us/windows/win32/dataxchg/using-the-clipboard
     examples:
       - 6F99A2C8944CB02FF28C6F9CED59B161:0x403180
   features:
     - and:
       - optional:
         - match: open clipboard
+        - api: user32.EmptyClipboard
+        - api: System.Windows.Forms.Clipboard::Clear
       - or:
         - api: user32.SetClipboardData
         - api: System.Windows.Forms.Clipboard::SetAudio
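Review bot: With host-interaction/clipboard/replace-clipboard-data.yml deleted in this same commit, any remaining rule that still contains `match: replace clipboard data` will fail to resolve when the rule set is loaded, so a repository-wide search for that name should accompany the deletion; the new `optional` entries in this hunk (`user32.EmptyClipboard`, `System.Windows.Forms.Clipboard::Clear`) appear to be how that behaviour is folded into write clipboard data. Because both sit under `optional`, the merged rule no longer distinguishes a write that first empties the clipboard (the former "replace" case) from a plain write; if that distinction was analytically useful, a `description:` line in meta noting that clipboard replacement is now covered here keeps the change discoverable. The example `6F99A2C8944CB02FF28C6F9CED59B161:0x403180` is the same sample the deleted rule cited, so no example coverage is lost, but `Impact::Clipboard Modification [E1510]` now has to carry both behaviours.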