From 99ab2a13d6949b8d442083aadd37d1897a2a14bd Mon Sep 17 00:00:00 2001
From: botlabsDev <54632107+botlabsDev@users.noreply.github.com>
Date: Mon, 14 Mar 2022 18:02:02 +0100
Subject: [PATCH] Add tool 'BadPotato' to clusters/tool.json
---
 clusters/tool.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index aba5166..6360346 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8471,7 +8471,20 @@
 },
 "uuid": "f3bae23a-ec73-49cb-8149-f93578bb2bff",
 "value": "Motnug"
+ },
+ {
+ "description": "BadPotato leaks a system token handle through the MS RPN API, which can be used to get NT AUTHORITY\\SYSTEM access.",
+ "meta": {
+ "refs": [
+ "https://github.com/BeichenDream/BadPotato",
+ "https://www.mandiant.com/resources/apt41-us-state-governments",
+ "https://thehackernews.com/2021/06/chinese-hackers-believed-to-be-behind.html",
+ "https://blog.group-ib.com/colunmtk_apt41"
+ ]
+ },
+ "uuid": "f43a3828-a3b6-11ec-80e1-55a8e5815c2c",
+ "value": "BadPotato"
 }
 ],
-"version": 149
+ "version": 150
 }
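Review bot: The `description` of the added `BadPotato` entry names the "MS RPN API", which looks like a misspelling of MS-RPRN (the Print System Remote Protocol); an analyst searching the cluster for print-spooler privilege escalation would not match on "RPN". If the linked repository confirms it, change the line to `"description": "BadPotato leaks a system token handle through the MS-RPRN API, which can be used to get NT AUTHORITY\\SYSTEM access.",`. The new `uuid` also appears to be a version-1 (time-based) value, whereas the neighbouring `Motnug` entry uses a version-4 one. If the project expects random UUIDs for cluster entries, regenerate it before merging, since the identifier cannot be changed once other events reference it.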