Add tool 'BadPotato' to clusters/tool.json

2022-03-14 18:02:02 +01:00 · 2022-03-14 18:02:02 +01:00 · 99ab2a13d6
parent b978bb1c86
commit 99ab2a13d6
1 changed files with 14 additions and 1 deletions
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -8471,7 +8471,20 @@
      },
      "uuid": "f3bae23a-ec73-49cb-8149-f93578bb2bff",
      "value": "Motnug"
+    },
+    {
+      "description": "BadPotato leaks a system token handle through the MS RPN API, which can be used to get NT AUTHORITY\\SYSTEM access.",
+      "meta": {
+        "refs": [
+          "https://github.com/BeichenDream/BadPotato",
+          "https://www.mandiant.com/resources/apt41-us-state-governments",
+          "https://thehackernews.com/2021/06/chinese-hackers-believed-to-be-behind.html",
+          "https://blog.group-ib.com/colunmtk_apt41"
+        ]
+      },
+      "uuid": "f43a3828-a3b6-11ec-80e1-55a8e5815c2c",
+      "value": "BadPotato"
    }
  ],
-  "version": 149
+  "version": 150
 }