diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml
index f7eba560..d6f6cf16 100644
--- a/atomics/T1003.002/T1003.002.yaml
+++ b/atomics/T1003.002/T1003.002.yaml
@@ -105,8 +105,8 @@ atomic_tests:
 - name: dump volume shadow copy hives with certutil
   auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7
   description: |
-    Dump hives from volume shadow copies with the certutil utility
-    This can be done with a non-admin user account
+    Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM".
+    This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
   supported_platforms:
   - windows
   input_arguments:
@@ -139,7 +139,7 @@ atomic_tests:
 - name: dump volume shadow copy hives with System.IO.File
   auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0
   description: |
-    Dump hives from volume shadow copies with System.IO.File
+    Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
   supported_platforms:
   - windows
   input_arguments: