CVE-2021-34527

Vulnerability updated 7 months ago (2024-05-04T20:16:03.435Z)
CVE-2021-34527, also known as PrintNightmare, is a software vulnerability stemming from a flaw in software design or implementation. One reported exploitation chain begins when a user clicks a link that downloads a ZIP archive containing a malicious JScript (JS) downloader titled 'Stolen Images Evidence.js' or 'DDoS attack proof and instructions on how to fix it.js'. The JS file then contacts a URL on newly created domains to download BazarLoader, which in turn downloads Cobalt Strike and a PowerShell script designed to exploit the PrintNightmare vulnerability. Alongside CVE-2021-34527, exploitation of another vulnerability, Follina (CVE-2022-30190), has also been reported. Russian threat actors have been known to exploit a set of similar vulnerabilities, including PrintNightmare (CVE-2021-34527 and CVE-2021-1675), but the recent discovery of GooseEgg in Forest Blizzard operations marks a new development in this landscape that security providers had not previously reported. The report indicates that these vulnerabilities are being exploited to gain unauthorized access to systems and potentially compromise sensitive information. Organizations should therefore apply patches and updates promptly to reduce the risk of exploitation, and should monitor closely for suspicious activity and indicators of compromise associated with these vulnerabilities.
Description last updated: 2024-04-23T09:15:41.012Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias | Description | Votes
Printnightmare | Printnightmare is a possible alias for CVE-2021-34527. PrintNightmare is a severe vulnerability (CVE-2021-34527) affecting the Windows Print Spooler service, allowing an attacker to escalate privileges either locally or remotely by loading a malicious DLL which will be executed as SYSTEM. This flaw in software design or implementation enables any authen | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Analyst Notes & Discussion
Associated Malware
Alias | Description | Association Type | Votes
Conti | The Conti Malware is associated with CVE-2021-34527. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several rahas used | | 2
Associated Vulnerabilities
Alias | Description | Association Type | Votes
Printnightmare Cve-2021-34527 Vulnerability | The Printnightmare Cve-2021-34527 Vulnerability is associated with CVE-2021-34527. PrintNightmare (CVE-2021-34527) is a significant software vulnerability that was identified and reported in 2021. It is a flaw in the design or implementation of Microsoft's Windows Print Spooler service, which can be exploited for local and Windows Active Domain privilege escalation. This allows at | Unspecified | 3
Source Document References
Information about the CVE-2021-34527 vulnerability was read from the document corpus below.