From cfccdea28ea91f0e43c6fdc1419c4e71bb21286a Mon Sep 17 00:00:00 2001
From: frack113
Date: Tue, 6 Jul 2021 10:09:47 +0200
Subject: [PATCH] change OriginalFilename case

---
 rules/windows/process_creation/win_purplesharp_indicators.yml | 3 ++-
 rules/windows/process_creation/win_susp_renamed_paexec.yml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/rules/windows/process_creation/win_purplesharp_indicators.yml b/rules/windows/process_creation/win_purplesharp_indicators.yml
index 503b7a656..29ae7a7ad 100644
--- a/rules/windows/process_creation/win_purplesharp_indicators.yml
+++ b/rules/windows/process_creation/win_purplesharp_indicators.yml
@@ -4,6 +4,7 @@ status: experimental
 description: Detect
 author: Florian Roth
 date: 2021/06/18
+modified: 2021/07/06
 references:
 - https://github.com/mvelazc0/PurpleSharp
 logsource:
@@ -15,7 +16,7 @@ detection:
 - xyz123456.exe
 - PurpleSharp
 selection2:
- OriginalFilename:
+ OriginalFileName:
 - 'PurpleSharp.exe'
 condition: selection1 or selection2
 falsepositives:
diff --git a/rules/windows/process_creation/win_susp_renamed_paexec.yml b/rules/windows/process_creation/win_susp_renamed_paexec.yml
index cc1d5f209..7c51c620a 100644
--- a/rules/windows/process_creation/win_susp_renamed_paexec.yml
+++ b/rules/windows/process_creation/win_susp_renamed_paexec.yml
@@ -6,6 +6,7 @@ references:
 - https://www.poweradmin.com/paexec/
 author: Florian Roth
 date: 2021/05/22
+modified: 2021/07/06
 logsource:
 category: process_creation
 product: windows
@@ -13,7 +14,7 @@ detection:
 selection1:
 Description: 'PAExec Application'
 selection2:
- OriginalFilename: 'PAExec.exe'
+ OriginalFileName: 'PAExec.exe'
 filter:
 Image|endswith:
 - '\PAexec.exe'