From 666e6e86458c9d0583268372e334278aaece28ad Mon Sep 17 00:00:00 2001
From: cr1sp4 <61173578+cr1sp4@users.noreply.github.com>
Date: Fri, 29 Apr 2022 22:52:57 -0400
Subject: [PATCH] Update Desk.yml (#210) Added Sigma rules.
---
 yml/OSLibraries/Desk.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/yml/OSLibraries/Desk.yml b/yml/OSLibraries/Desk.yml
index 110ac70..28a11c9 100644
--- a/yml/OSLibraries/Desk.yml
+++ b/yml/OSLibraries/Desk.yml
@@ -23,6 +23,8 @@ Full_Path:
 - Path: C:\Windows\SysWOW64\desk.cpl
 Detection:
 - IOC:
+ - Sigma: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_new_src_file.yml
+ - Sigma: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_rundll32_installscreensaver.yml
 Resources:
 - Link: https://vxug.fakedoma.in/zines/29a/29a7/Articles/29A-7.030.txt
 - Link: https://twitter.com/pabraeken/status/998627081360695297
@@ -34,4 +36,6 @@ Acknowledgement:
 Handle: '@pabraeken'
 - Person: hai
 Handle: '@VakninHai'
+ Person: Christopher Peacock
+ Handle: '@SecurePeacock'
 ---
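Review bot: Both added `- Sigma:` entries under `Detection:` link to the `master` branch of SigmaHQ/sigma, so the references would stop resolving if either rule file is later renamed or moved. A commit permalink such as `https://github.com/SigmaHQ/sigma/blob/<commit-sha>/rules/windows/process_creation/proc_creation_win_rundll32_installscreensaver.yml` keeps the detection pointer stable for anyone consuming this file. The `- IOC:` entry just above the new lines is still empty on the new side; it should either carry an indicator or be removed so tooling does not read a null IOC.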
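Review bot: The added `Person: Christopher Peacock` line in the `Acknowledgement:` hunk has no `- ` list marker, unlike the `- Person: hai` entry above it. Indentation is not recoverable from this page, but if the new lines sit at the same level as `Handle: '@VakninHai'` they repeat the `Person` and `Handle` keys inside the previous mapping. A lenient YAML parser would then keep only the last pair and drop the credit for hai, and a strict parser would reject the file. The new entry should start its own list item, `- Person: Christopher Peacock`, followed by the indented `Handle: '@SecurePeacock'`. A schema or duplicate-key lint on the yml directory would catch this class of error.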